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Abstract 


The United States of America has adopted a suite of Secure Hash 
Algorithms (SHAs), including four beyond SHA-1, as part of a Federal 
Information Processing Standard (FIPS), specifically SHA-224 (RFC 
3874), SHA-256, SHA-384, and SHA-512. The purpose of this document 
is to make source code performing these hash functions conveniently 
available to the Internet community. The sample code supports input 
strings of arbitrary bit length. SHA-1’s sample code from RFC 3174 
has also been updated to handle input strings of arbitrary bit 
length. Most of the text herein was adapted by the authors from FIPS 
180-2. 


Code to perform SHA-based HMACs, with arbitrary bit length text, is 
also included. 
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1% 


Overview of Contents 


NOTE: Much of the text below is taken from [FIPS180-2] and assertions 
therein of the security of the algorithms described are made by the 
US Government, the author of [FIPS180-2], and not by the authors of 
this document. 


The text below specifies Secure Hash Algorithms, SHA-224 [RFC3874], 
SHA-256, SHA-384, and SHA-512, for computing a condensed 
representation of a message or a data file. (SHA-1 is specified in 
[RFC3174].) When a message of any length « 2^64 bits (for SHA-224 
and SHA-256) or « 2^128 bits (for SHA-384 and SHA-512) is input to 
one of these algorithms, the result is an output called a message 
digest. The message digests range in length from 224 to 512 bits, 
depending on the algorithm. Secure hash algorithms are typically 
used with other cryptographic algorithms, such as digital signature 
algorithms and keyed hash authentication codes, or in the generation 
of random numbers [RFC4086]. 


The four algorithms specified in this document are called secure 
because it is computationally infeasible to (1) find a message that 
corresponds to a given message digest, or (2) find two different 
messages that produce the same message digest. Any change to a 
message in transit will, with very high probability, result in a 
different message digest. This will result in a verification failure 
when the secure hash algorithm is used with a digital signature 
algorithm or a keyed-hash message authentication algorithm. 


The code provided herein supports input strings of arbitrary bit 
length.  SHA-1's sample code from [RFC3174] has also been updated to 
handle input strings of arbitrary bit length. See Section 1.1 for 
license information for this code. 


Section 2 below defines the terminology and functions used as 
building blocks to form these algorithms. Section 3 describes the 
fundamental operations on words from which these algorithms are 
built. Section 4 describes how messages are padded up to an integral 
multiple of the required block size and then parsed into blocks. 
Section 5 defines the constants and the composite functions used to 
Specify these algorithms. Section 6 gives the actual specification 
for the SHA-224, SHA-256, SHA-384, and SHA-512 functions. Section 7 
provides pointers to the specification of HMAC keyed message 
authentication codes based on the SHA algorithms. Section 8 gives 
sample code for the SHA algorithms and Section 9 code for SHA-based 
HMACs. The SHA-based HMACs will accept arbitrary bit length text. 
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1.1. License 


Permission is granted for all uses, commercial and non-commercial, of 
the sample code found in Section 8. Royalty free license to use, 
copy, modify and distribute the software found in Section 8 is 
granted, provided that this document is identified in all material 
mentioning or referencing this software, and provided that 
redistributed derivative works do not contain misleading author or 
version information. 


The authors make no representations concerning either the 
merchantability of this software or the suitability of this software 
for any particular purpose. It is provided "as is" without express 
or implied warranty of any kind. 


2. Notation for Bit Strings and Integers 


The following terminology related to bit strings and integers will be 
used: 


a. A hex digit is an element of the set (0, 1, ... , 9, A, ... , 
F}. A hex digit is the representation of a 4-bit string. 
Examples: 7 = 0111, A = 1010. 


b. A word equals a 32-bit or 64-bit string, which may be 
represented as a sequence of 8 or 16 hex digits, respectively. 
To convert a word to hex digits, each 4-bit string is converted 
to its hex equivalent as described in (a) above. Example: 


1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23. 


Throughout this document, the "big-endian" convention is used 
when expressing both 32-bit and 64-bit words, so that within 
each word the most significant bit is shown in the left-most bit 
position. 


c. An integer may be represented as a word or pair of words. 


An integer between 0 and 2^32 - 1 inclusive may be represented 
as a 32-bit word. The least significant four bits of the 
integer are represented by the right-most hex digit of the word 
representation. Example: the integer 291 = 2^8+2^5+2^1+2^0 = 
256+32+2+1 is represented by the hex word 00000123. 


The same holds true for an integer between 0 and 2^64-1 
inclusive, which may be represented as a 64-bit word. 
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ТЕ 2 is an integer, 0 <= 2 < 2764, then > = (2^32)x + y where 0 
<= x < 2°32 and 0 <= y « 2^32. Since x and y can be represented 
as words X and Y, respectively, z can be represented as the pair 
of words (X,Y). 


d. block = 512-bit or 1024-bit string. A block (e.g., B) may be 
represented as a sequence of 32-bit or 64-bit words. 


3. Operations on Words 
The following logical operators will be applied to words in all four 
hash operations specified herein.  SHA-224 and SHA-256 operate on 
32-bit words, while SHA-384 and SHA-512 operate on 64-bit words. 
In the operations below, x««n is obtained as follows: discard the 
left-most n bits of x and then pad the result with n zeroed bits on 


the right (the result will still be the same number of bits). 


а. Bitwise logical word operations 


X AND У = bitwise logical "and" of X and Y. 

X OR Y = bitwise logical "inclusive-or" of X and Y. 
X XOR Y = bitwise logical "exclusive-or" of X and Y. 
NOT X = bitwise logical "complement" of X. 
Example: 


01101100101110011101001001111011 
XOR 01100101110000010110100110110111 


= 00001001011110001011101111001100 
b. The operation X + Y is defined as follows: words X and Y 
represent w-bit integers x and у, where 0 <= x < 27ч and 
0 <= у < 2^w. For positive integers п and m, let 
n mod m 
be the remainder upon dividing n by m. Compute 


z = (x + y) mod 2%w. 


Then 0 <= z < 2^w. Convert z to а word, Z, and define Z = X + 
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4. 


C. The right shift operation SHR^n(x), where x is a w-bit word and 
n is an integer with 0 <= п < w, is defined by 


SHR^n (x) = x>>n 


Я. The rotate right (circular right shift) operation ROTR^n (x), 
where x is a w-bit word and n is an integer with 0 <= n < м, is 


defined by 
ROTR^n(x) = (x>>n) OR (x««(w-n)) 

е. The rotate left (circular left shift) operation ROTL^n(x), where 
x is а w-bit word and n is an integer with 0 <= n < м, is 
defined by 

ROTL^n(X) = (x<<n) OR (х>>м-п) 


Note the following equivalence relationships, where w is fixed 
in each relationship: 


ҺОТІ”п (x) ВОТВ^ (м-х) (x) 


ВОТВ^п (x) = ROTL^(w-n) (x) 
Message Padding and Parsing 


The hash functions specified herein are used to compute a message 
digest for a message or data file that is provided as input. Тһе 
message or data file should be considered to be a bit string. The 
length of the message is the number of bits in the message (the empty 
message has length 0). If the number of bits in a message is a 
multiple of 8, for compactness we can represent the message in hex. 
The purpose of message padding is to make the total length of a 
padded message a multiple of 512 for SHA-224 and SHA-256 ora 
multiple of 1024 for SHA-384 and SHA-512. 


The following specifies how this padding shall be performed. Asa 
summary, a "1" followed by a number of "0"s followed by a 64-bit or 
128-bit integer are appended to the end of the message to produce a 
padded message of length 512*n or 1024*n. The minimum number of "O"s 
necessary to meet this criterion is used. The appended integer is 
the length of the original message. The padded message is then 
processed by the hash function as n 512-bit or 1024-bit blocks. 
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4.1.  SHA-224 and SHA-256 


Suppose a message has length L « 2^64. Before it is input to the 
hash function, the message is padded on the right as follows: 


a. "1" is appended. Example: if the original message is 
"01010000", this is padded to "010100001". 


b. K "O"s are appended where K is the smallest, non-negative 
solution to the equation 


L + 1 + К = 448 (mod 512) 


c. Then append the 64-bit block that is L in binary representation. 
After appending this block, the length of the message will be a 
multiple of 512 bits. 


Example: Suppose the original message is the bit string 
01100001 01100010 01100011 01100100 01100101 

After step (a), this gives 
01100001 01100010 01100011 01100100 01100101 1 


Since L = 40, the number of bits in the above is 41 and K = 407 
"0"5 are appended, making the total now 448. This gives the 
following in hex: 


61626364 65800000 00000000 00000000 
00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000000 
00000000 00000000 


The 64-bit representation of L = 40 is hex 00000000 00000028. 
Hence the final padded message is the following hex: 


61626364 65800000 00000000 00000000 
00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000028 
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4.2. SHA-384 and SHA- 


Suppose a message has length L < 2^128. 


SHAs and HMAC-SHAs 


512 


July 2006 


Before it is input to the 


hash function, the message is padded on the right as follows: 


a. "1" is appende 


b. K "O"s are appended where K is the smallest, 


d. Example: 


solution to the equation 


Е + К 


= 896 (mod 1024) 


if the original message is 
"01010000", this is padded to "010100001". 


non-negative 


c. Then append the 128-bit block that is L in binary 


representation 


. After appending this block, 


message will be a multiple of 1024 bits. 


the length of the 


Example: Suppose the original message is the bit string 


01100001 01100010 01100011 01100100 01100101 


After step (a) 


this gives 


01100001 01100010 01100011 01100100 01100101 1 


Since L = 40, 


"0"5 are appended, making the total now 896. 


following inh 


61626364 
00000000 
00000000 
00000000 
00000000 
00000000 
00000000 


Тһе 128-bit representation of 1 


00000000 00000 
following hex: 


61626364 
00000000 
00000000 
00000000 
00000000 
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the number of bits in the above is 41 and K = 855 


ex: 


65800000 
00000000 
00000000 
00000000 
00000000 
00000000 
00000000 


65800000 
00000000 
00000000 
00000000 
00000000 


00000000 
00000000 
00000000 
00000000 
00000000 
00000000 
00000000 


00000000 
00000000 
00000000 
00000000 
00000000 


00000000 
00000000 
00000000 
00000000 
00000000 
00000000 
00000000 


This gives the 


= 40 is hex 00000000 00000000 
028. Hence the final padded message is the 


00000000 
00000000 
00000000 
00000000 
00000000 
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00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000028 


5. Functions and Constants Used 


The following subsections give the six logical functions and the 
table of constants used in each of the hash functions. 


5.1. SHA-224 and SHA-256 
SHA-224 and SHA-256 use six logical functions, where each function 


operates on 32-bit words, which are represented as x, y, and z. The 
result of each function is a new 32-bit word. 


CH( x, у, 2) = (x AND у) ХОК ( (NOT x) AND 2) 
MAJ( X, у, 2) = (x AND у) ХОК (x AND 2) ХОК (у AND 2) 
BSIGO (x) = ROTR^2(x) ХОК ROTR^13(x) ХОК ROTR^22 (x) 


BSIG1 (x) = ROTR^6(x) ХОК ВОТВ^11(х) ХОК ROTR^25 (x) 


SSIGO (x) КОТК^7 (х) ХОК ROTR^18(x) ХОК SHR^3 (х) 
SSIG1 (х) = ВОТВ^17(х) ХОК КОТК^19 (х) XOR SHR^10 (x) 


SHA-224 and SHA-256 use the same sequence of sixty-four constant 


32-bit words, KO, КІ, ..., K63. These words represent the first 
thirty-two bits of the fractional parts of the cube roots of the 
first sixty-four prime numbers. In hex, these constant words are as 


follows (from left to right): 


428а2Ғ98 71374491 Б5с0ҒосЕ e9b5dba5 
3956c25b 59f111f1 923f82a4 ablc5ed5 
d807aa98 12835501 243185be 550c7dc3 
72be5d74 80deblfe 9bdc06a7 c19bf174 
е49рб9с1 efbe4786 Ofcl19dc6 240calcc 
2de92c6f 4a7484aa 5cb0a9dc 76f988da 
983е5152 a831c66d 500327с8 bf597fc7 
c6e00bf3 d5a79147 06са6351 14292967 
27670a85 2e1b2138 442с64Ёс 53380413 
650a7354 766a0abb 81c2c92e 92722c85 
a2bfe8al а81а664р c24b8b70 c76c51a3 
d192e819 d6990624 £40e3585 106aa070 
19a4c116 1e376c08 2748774с 34b0bcb5 
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391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3 
748Е82ее 78a5636f 84c87814 8cc70208 
90befffa a4506ceb bef9a3f7 c67178f2 
5.2. SHA-384 апа 5НА-512 
SHA-384 and 5НА-512 each use six logical 
function operates on 64-bit words, which 
z. The result of each function is a new 


functions, where each 
are represented as x, 
64-bit word. 


y, and 


CH( x, у, 2) = (x AND у) ХОК ( (NOT x) AND 2) 

МАӘ( x, у, 2) = (x AND у) ХОК (x AND 2) ХОК (у AND 2) 
BSIGO (x) = ROTR^28(x) XOR ROTR^34 (x) XOR ROTR^39 (x) 
BSIG1 (х) = ВОТВ^14(х) ХОК ROTR^18(x) XOR ROTR^41 (x) 
55160 (x) = ROTR^l(x) ХОК ROTR^8(x) ХОК $НВ^7 (x) 

SSIG1 (x) = ВОТВ^19(х) ХОК ROTR^61(x) ХОК SHR^6 (x) 


SHA-384 and SHA-512 use the same sequence of eighty constant 64-bit 
words, KO, КІ, K79. These words represent the first sixty-four 
bits of the fractional parts of the cube roots of the first eighty 


prime numbers. 
left to right): 


428а2Ғ98а728ае22 
3956c25bf348b538 
d807aa98a3030242 
72be5d74£275896f 
е49р69с19еҒ14аа2 
2de92c6f592b0275 
983e5152ee66dfab 
c6e00bf33da88fc2 
27р70а8546422ЁЁс 
650a73548baf63de 
a2bfe8al4cf10364 
d192e819d6ef5218 
19a4c116b8d2d0c8 
391c0cb3c5c95a63 
748f82ee5defb2fc 
90befffa23631e28 
ca273eceea26619c 
06£067aa72176fba 
28db77£523047d84 
Acc5d4becb3e42b6 
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In hex, 


7137449123ef65cd 
59Е111Е1рБ6054019 
12835b0145706fbe 
80deb1 fe3b1696b1 
efbe4786384f25e3 
4a7484aa6ea6e483 
a831c66d2db43210 
d5a79147930aa725 
2e1b21385c26c926 
766a0abb3c77b2a8 
а81а664ррс423001 
469906245565а910 
1e376c085141ab53 
4ed8aa4ae3418acb 
78а5636Е43172Е60 
a4506cebde82bde9 
d18658c721c0c207 
0a637dc5a2c898a6 
32caab7b40c72493 
597£299cfc657e2a 


these constant words are as follows 


b5cOfbcfec4d3b2f 
923£82a4af194f9b 
243185ре4ее4р28с 
9рас06а725с71235 
Ofcl9dc68b8cd5b5 
5cb0a9dcbd41fbd4 
b00327c898fb213F 
06ca6351e003826£f 
4d2c6dfc5ac42aed 
81c2c92e47edaee6 
c24b8b70d0f89791 
£40e35855771202a 
2748774cdf8eeb99 
5р9сса4#7763е373 
84c87814a1f0ab72 
ре#9а3#762с67915 
eada7dd6cde0eble 
113f9804bef90dae 
3c9ebe0a15c9bebc 
5fcb6fab3ad6faec 
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(from 


e9b5dba58189dbbc 
abic5ed5da6d8118 
550c7dc3d5ffb4e2 
cl9bf174cf692694 
240calcc77ac9c65 
76£988da831153b5 
bf597fc7beef0ee4 
142929670a0e6e70 
53380d139d95b3df 
92722c851482353b 
c76c51a30654be30 
106aa07032bbd1b8 
34b0bcb5el9b48a8 
682e6ff3d6b258a3 
8cc702081a6439ec 
c67178£2e372532b 
f57dAf7fee6ed178 
1b710b35131c471b 
431d67c49c100d4c 
6с44198с4а475817 
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6. 


6. 


6. 


Computing the Message Digest 


The output of each of the secure hash functions, after being applied 


to a message of N blocks, is the hash quantity H(N). For SHA-224 and 
SHA-256, H(i) can be considered to be eight 32-bit words, H(i)0, 
Н(1)1, ... H(i)7. For SHA-384 and SHA-512, it can be considered to 
be eight 64-bit words, Н(1)0, Н(1)1, ..., H(i)7. 


As described below, the hash words are initialized, modified as each 
message block is processed, and finally concatenated after processing 
the last block to yield the output. For SHA-256 and SHA-512, all of 
the H(N) variables are concatenated while the SHA-224 and SHA-384 
hashes are produced by omitting some from the final concatenation. 


Ie SHA-224 and SHA-256 Initialization 


For SHA-224, the initial hash value, H(0), consists of the following 
32-bit words in hex: 


= с1059еа8 
= 367cd507 
= 3070dd17 
= £70e5939 
= ffc00b31 
= 68581511 
= 64f98fa7 
= befa4fa4 


4 

ососсосооооо 

чо лмо Мо 
| 


For SHA-256, the initial hash value, Н(0), consists of the following 
eight 32-bit words, in hex. These words were obtained by taking the 
first thirty-two bits of the fractional parts of the square roots of 
the first eight prime numbers. 


= ба09е667 
= pb67ae85 
= 3c6ef372 
= а54ЕЕ5За 
= 510е527Е 
= 9b05688c 
= 1#83а9ар 
= 5be0cd19 


T3 EE SEE 
-4 су Ол о Мо 
| 


ососоооосооос 


4 
G 
——————— 


2. SHA-224 and SHA-256 Processing 


SHA-224 and SHA-256 perform identical processing on messages blocks 
and differ only in how H(0) is initialized and how they produce their 
final output. They may be used to hash a message, M, having a length 
of L bits, where 0 <= L « 2^64. The algorithm uses (1) a message 
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schedule of sixty-four 32-bit words, (2) eight working variables of 
32 bits each, and (3) a hash value of eight 32-bit words. 


The words of the message schedule are labeled WO, W1, ..., W63. The 
eight working variables are labeled а, b, с, d, e, f, а, and h. The 
words of the hash value are labeled Н(1)0, H(i)1, ..., H(i)7, which 


will hold the initial hash value, H(0), replaced by each successive 
intermediate hash value (after each message block is processed), 
H(i), and ending with the final hash value, H(N), after all N blocks 
are processed. They also use two temporary words, Т1 and T2. 


The input message is padded as described in Section 4.1 above then 
parsed into 512-bit blocks, which are considered to be composed of 16 
32-bit words М(1)0, М(1)1, ..., M(i)15. The following computations 
are then performed for each of the N message blocks. All addition is 
performed modulo 2^32. 


For i = 1 to N 


1. Prepare the message schedule W: 
For t = 0 to 15 
МЕ = M(i)t 
For t = 16 to 63 
Wt = SSIG1(W(t-2)) + W(t-7) + 55160 (t-15) + W(t-16) 


2. Initialize the working variables: 
= H(i-1)0 


о њмооо со 
ll 
I 


3. Perform the main hash computation: 
For t = 0 to 63 

Tl = h + BSIG1 (e) + CH(e,f,g) + Kt + Wt 

BSIGO(a) + MAJ(a,b,c) 


T2 = 

h=g 
g=f 

f = е 

е = а + T1 
а = с 

c=b 
b=a 

а = Т1 + T2 
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4. Compute the intermediate hash value H(i): 


H(i)0 = а + H(i-1)0 
H(i)l = b + H(i-1)1 
H(i)2 = c + H(i-1)2 
H(i)3 = d + H(i-1)3 
H(i)4 = е + H(i-1)4 
H(i)5 = f + H(i-1)5 
H(i)6 = g + H(i-1)6 
H(i)7 = h + H(i-1)7 


After the above computations have been sequentially performed for all 
of the blocks in the message, the final output is calculated. For 
SHA-256, this is the concatenation of all of Н(М)0, H(N)1, through 
H(N)7. For SHA-224, this is the concatenation of Н(М)0, H(N)1, 
through H(N) 6. 


6.3. 5НА-384 апа SHA-512 Initialization 


For 5НА-384, the initial hash value, H(0), consists of the following 
eight 64-bit words, in hex. These words were obtained by taking the 
first sixty-four bits of the fractional parts of the square roots of 
the ninth through sixteenth prime numbers. 


= cbbb9d5dc1059ed8 
= 629a292a367cd507 
= 9159015a3070dd17 
152fecd8f70e5939 
= 67332667ffc00b31 
= 8eb44a8768581511 
= db0c2e0d64f98fa7 
= 47b5481ldbefa4fa4 


HER lg, LE BB ч 

99999999 

чо л М9 о 
Ш 


For 5НА-512, the initial hash value, Н(0), consists of the following 
eight 64-bit words, in hex. These words were obtained by taking the 
first sixty-four bits of the fractional parts of the square roots of 
the first eight prime numbers. 


= ба09е667Е3рсс908 
= pb67ae8584caa73b 
= 3c6ef372fe94f82b 
= ab4ff53a5f1d36f1 
= 510e527fade682d1 
= 9b05688c2b3e6c1f 
= 1f83d9abfb4lbd6b 
= 5be0cd19137e2179 


LH ет By ce SE dd ЕТ 

ооооооо 

чо Олж о Мо 
| 
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6.4. 5НА-384 and SHA-512 Processing 


SHA-384 and SHA-512 perform identical processing on message blocks 
and differ only in how H(0) is initialized and how they produce their 
final output. They may be used to hash a message, M, having a length 
of L bits, where 0 <= L < 2^128. The algorithm uses (1) a message 
Schedule of eighty 64-bit words, (2) eight working variables of 64 
bits each, and (3) a hash value of eight 64-bit words. 


The words of the message schedule are labeled WO, W1, ..., W79. The 
eight working variables are labeled a, b, c, d, e, f, g, and h. The 
words of the hash value are labeled Н(1)0, Н(1)1, ..., H(i)7, which 
will hold the initial hash value, H(0), replaced by each successive 
intermediate hash value (after each message block is processed), 
H(i), and ending with the final hash value, H(N) after all N blocks 
are processed. 


The input message is padded as described in Section 4.2 above, then 
parsed into 1024-bit blocks, which are considered to be composed of 
16 64-bit words М(1)0, М(1)1, ..., M(i)15. The following 
computations are then performed for each of the N message blocks. 
All addition is performed modulo 2%64. 


For i = 1 to N 


1. Prepare the message schedule W: 


For t = 0 to 15 
wt = M(i)t 
For t = 16 to 79 


Wt = SSIG1(W(t-2)) + W(t-7) + 55160 (t-15) + W(t-16) 


2. Initialize the working variables: 


a H(i-1)0 
b = H(i-1)1 
c = H(i-1)2 
Я = H(i-1)3 
e = H(i-1)4 
f = H(i-1)5 
g = H(i-1)6 
h = H(i-1)7 


3. Perform the main hash computation: 
For t = 0 to 79 
Tl = h + BSIG1 (e) + CH(e,f,g) + Kt + Wt 
Т2 = BSIGO(a) + МАЈ (a,b,c) 


h=g 
g=f 
Е-е 
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e = а + T1 
а= с 
c=b 
b=a 
acm тї + T2 


4. Compute the intermediate hash value H(i): 


н(1)0 = a + H(i-1)0 
Н(1)1 = b + H(i-1)1 
H(i)2 = с + H(i-1)2 
H(i)3 = d + H(i-1)3 
H(i)4 =e + H(i-1)4 
H(i)5 = f + H(i-1)5 
H(i)6 = g + H(i-1)6 
H(i)7 = h + H(i-1)7 


After the above computations have been sequentially performed for all 
of the blocks in the message, the final output is calculated. For 
SHA-512, this is the concatenation of all of Н(М)0, H(N)1, through 
H(N)7. For SHA-384, this is the concatenation of Н(М)0, Н(М)1, 
through H(N)5. 


ү SHA-Based HMACs 


HMAC is a method for computing a keyed MAC (message authentication 
code) using a hash function as described in [RFC2104]. It uses a key 
to mix in with the input text to produce the final hash. 


Sample code is also provided, in Section 8.3 below, to perform HMAC 
based on any of the SHA algorithms described herein. The sample code 
found in [RFC2104] was written in terms of a specified text size. 
Since SHA is defined in terms of an arbitrary number of bits, the 
sample HMAC code has been written to allow the text input to HMAC to 
have an arbitrary number of octets and bits. A fixed-length 
interface is also provided. 


8. C Code for SHAs 


Below is a demonstration implementation of these secure hash 


functions in C. Section 8.1 contains the header file sha.h, which 
declares all constants, structures, and functions used by the sha and 
hmac functions. Section 8.2 contains the C code for shal.c, 


sha224-256.c, sha384-512.c, and usha.c along with sha-private.h, 
which provides some declarations common to all the sha functions. 
Section 8.3 contains the C code for the hmac functions. Section 8.4 
contains a test driver to exercise the code. 
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For each of the digest length $$$, there is the following set of 
constants, a structure, and functions: 


Constants: 
SHASSSHashSize number of octets in the hash 
SHASSSHashSizeBits number of bits in the hash 
SHASSS_Message_Block_Size 
number of octets used in the intermediate 
message blocks 
shaSuccess = 0 constant returned by each function on success 
shaNull = 1 constant returned by each function when 
presented with a null pointer parameter 
shaInputTooLong = 2 constant returned by each function when the 
input data is too long 


shaStateError constant returned by each function when 
SHASSS$Input is called after SHASS$$FinalBits or 
SHASS$Result. 
Structure: 


typedef SHASSSContext 
an opaque structure holding the complete state 
for producing the hash 


Functions: 
int SHASSSReset (SHASSSContext *); 
Reset the hash context state 
int SHASSSInput (SHASSSContext *, const uint8 t *octets, 
unsigned int bytecount); 
Incorporate bytecount octets into the hash. 
int SHASSSFinalBits (SHA$SSContext *, const uint8 t octet, 
unsigned int bitcount); 
Incorporate bitcount bits into the hash. The bits are in 
the upper portion of the octet. SHASS$SInput() cannot be 
called after this. 
int SHASSSResult (SHASSSContext *, 
uint8 t Message Digest[SHAS$S$S$HashSize]); 
Do the final calculations on the hash and copy the value 
into Message Digest. 


In addition, functions with the prefix USHA are provided that take a 
SHAversion value (SHASSS) to select the SHA function suite. They add 
the following constants, structure, and functions: 


Constants: 
shaBadParam constant returned by USHA functions when 
presented with a bad SHAversion (5НА555) 
parameter 
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SHASSS SHAversion enumeration values, used by usha 
and hmac functions to select the SHA function 
suite 

Structure: 


typedef USHAContext 
an opaque structure holding the complete state 
for producing the hash 


Functions: 
int USHAReset (USHAContext *, SHAversion whichSha) ; 

Reset the hash context state. 
int USHAInput (USHAContext *, 
const uint8 t *bytes, unsigned int bytecount) ; 
Incorporate bytecount octets into the hash. 
int USHAFinalBits (USHAContext *, 
const uint8 t bits, unsigned int bitcount); 
Incorporate bitcount bits into the hash. 
int USHAResult (USHAContext *, 
uint8 t Message Digest[USHAMaxHashSize]l); 
Do the final calculations on the hash and copy the value 

into Message Digest.  Octets in Message Digest beyond 
USHAHashSize(whichSha) are left untouched. 

int USHAHashSize(enum SHAversion whichSha); 

The number of octets in the given hash. 
int USHAHashSizeBits (enum SHAversion whichSha); 

The number of bits in the given hash. 
int USHABlockSize(enum SHAversion whichSha) ; 

The internal block size for the given hash. 


The hmac functions follow the same pattern to allow any length of 
text input to be used. 


Structure: 
typedef HMACContext an opaque structure holding the complete state 
for producing the hash 


Functions: 
int hmacReset (HMACContext *ctx, enum SHAversion whichSha, 
const unsigned char *key, int key len); 
Reset the hash context state. 
int hmacInput (HMACContext *ctx, const unsigned char *text, 
int text len); 
Incorporate text len octets into the hash. 
int hmacFinalBits (HMACContext *ctx, const uint8 t bits, 
unsigned int bitcount); 
Incorporate bitcount bits into the hash. 
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int hmacResult (HMACContext *ctx, 
uint8 t Message Digest[USHAMaxHashSize]l); 
Do the final calculations on the hash and copy the value 
into Message Digest.  Octets in Message Digest beyond 
USHAHashSize(whichSha) are left untouched. 


In addition, a combined interface is provided, similar to that shown 
in RFC 2104, that allows a fixed-length text input to be used. 


int hmac(SHAversion whichSha, 
const unsigned char *text, int text len, 
const unsigned char *key, int key len, 
uint8 t Message Digest[USHAMaxHashSize]l); 
Calculate the given digest for the given text and key, and 
return the resulting hash. Octets in Message Digest beyond 
USHAHashSize(whichSha) are left untouched. 


8.1. The .h File 


[RRR KK KKK KKK KKK KKK KKK KKK ke ke Ж К К sha.h KOKCkCkCk ck KK OK KK OK KKK KK OK / 


[RKRKKKKKK KKK KKK KK KKK See RFC 4634 for details ххх» / 
#ifndef SHAH. 
#define _SHA H_ 


/ 

Description: 
This file implements the Secure Hash Signature Standard 
algorithms as defined in the National Institute of Standards 
and Technology Federal Information Processing Standards 
Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2 
published on August 1, 2002, and the FIPS PUB 180-2 Change 
Notice published on February 28, 2004. 


A combined document showing all algorithms is available at 
http://csrc.nist.gov/publications/fips/ 
fips180-2/fips180-2withchangenotice.pdf 


The five hashes are defined in these sizes: 
SHA-1 20 byte / 160 bit 
SHA-224 28 byte / 224 bit 
SHA-256 32 byte / 256 bit 
SHA-384 48 byte / 384 bit 
SHA-512 64 byte / 512 bit 


+ + + Жж + o Хх Хх Хх Хх Хх Хх Хх ЭЭ. 


/ 
#include <stdint.h> 


/* 
* If you do not have the ISO standard stdint.h header file, then you 
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* must typedef the following: 

K name meaning 

* uint64 t unsigned 64 bit integer 

* "uint32-t unsigned 32 bit integer 

х uint8 t unsigned 8 bit integer (i.e., unsigned char) 
* int leastl16 t integer of >= 16 bits 

* 

*/ 


#ifndef  SHA enum. 
#define 5НА enum. 


/* 
* All SHA functions return one of these values. 
Ry 
enum { 
shaSuccess = 0, 
shaNull, /* Null pointer parameter */ 
shaInputTooLong, /* input data too long */ 
shaStateError, /* called Input after FinalBits or Result */ 
shaBadParam /* passed a bad parameter */ 


}; 
#endif /* 5НА enum */ 


/* 
* These constants hold size information for each of the SHA 
* hashing operations 


5НА1 Message Block Size = 64, SHA224 Message Block Size = 64, 
SHA256 Message Block Size = 64, SHA384 Message Block Size = 128, 
SHA512 Message Block Size - 128, 

USHA Max Message Block Size = SHA512 Message Block Size, 


SHAlHashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32, 
SHA384HashSize = 48, SHA512HashSize = 64, 
USHAMaxHashSize = SHA512HashSize, 


5 
5 
5 


AlHashSizeBits = 160, SHA224HashSizeBits = 224, 
IA256HashSizeBits = 256, SHA384HashSizeBits = 384, 
A512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits 


}; 
/* 


х These constants are used in the USHA (unified sha) functions. 
*/ 
typedef enum SHAversion { 
SHA1, SHA224, SHA256, SHA384, SHA512 
} SHAversion; 
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/* 
* This structure will hold context information for the SHA-1 
* hashing operation. 
*/ 
typedef struct SHAlContext { 
uint32 t Intermediate Hash[SHAlHashSize/4]; /* Message Digest */ 


uint32 t Length Low; /* Message length in bits */ 
uint32 t Length High; /* Message length in bits */ 
int leastl6 t Message Block Index;  /* Message Block array index */ 


/* 512-bit message blocks */ 
uint8 t Message Block[SHA1 Message Block Size]; 


int Computed; /* Is the digest computed? */ 
int Corrupteg; /* Is the digest corrupted? */ 
| SHAlContext; 


/* 
* This structure will hold context information for the SHA-256 
* hashing operation. 
СУ 
typedef struct SHA256Context ( 
uint32_t Intermediate Hash[SHA256HashSize/4]; /* Message Digest */ 


uint32 t Length Low; /* Message length in bits */ 
uint32 t Length High; /* Message length in bits */ 
int leastl6 t Message Block Index;  /* Message Block array index */ 


/* 512-bit message blocks */ 
uint8 t Message Block[SHA256 Message Block Size]; 


int Computed; /* Is the digest computed? */ 
int Corrupted; /* Is the digest corrupted? */ 
} SHA256Context; 


/* 
* This structure will hold context information for the SHA-512 
* hashing operation. 
*/ 
typedef struct SHA512Context { 
#ifdef USE_32BIT_ONLY 
uint32 t Intermediate Hash[SHA512HashSize/4]; /* Message Digest */ 
uint32 t Length[4]; /* Message length in bits */ 
felse /* !USE 32BIT ONLY */ 
uint64 t Intermediate Hash[SHA512HashSize/8]; /* Message Digest */ 
uint64 t Length Low, Length High; /* Message length in bits */ 
fendif /* USE 32BIT ONLY */ 
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int leastl6 t Message Block Index;  /* Message Block array index */ 
/* 1024-bit message blocks */ 
uint8 t Message Block[SHA512 Message Block Size]; 


int Computed; /* Is the digest computed?*/ 
int Corrupted; /* Is the digest corrupted? */ 
} SHA512Context; 


/* 
* This structure will hold context information for the SHA-224 
* hashing operation. It uses the SHA-256 structure for computation. 
AY 

typedef struct SHA256Context SHA224Context; 


/* 
* This structure will hold context information for the SHA-384 
* hashing operation. It uses the SHA-512 structure for computation. 
ЫГ 

typedef struct SHA512Context SHA384Context; 


/* 
* This structure holds context information for all SHA 
* hashing operations. 
х/ 
typedef struct USHAContext { 
int whichSha; /* which SHA is being used */ 
union { 
SHAlContext shalContext; 
SHA224Context sha224Context; SHA256Context sha256Context; 
SHA384Context sha384Context; SHA512Context sha512Context; 
| «СЕХФ 
р USHAContext; 


/* 
* This structure will hold context information for the HMAC 
* keyed hashing operation. 


nU. 
typedef struct HMACContext { 
int whichSha; /* which SHA is being used */ 
int hashSize; /* hash size of SHA being used */ 
int blockSize; /* block size of SHA being used */ 
USHAContext shaContext; /* SHA context */ 


unsigned char k opad[USHA Max Message Block Size]; 
/* outer padding - key XORd with opad */ 
) HMACContext; 
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SHAs and HMAC-SHAs 


* Function Prototypes 


Ж 


/* SHA-1 */ 


extern int 
extern int 


extern int 
extern int 
/* SHA-224 
extern int 
extern int 
extern int 
extern int 
/* SHA-256 
extern int 
extern int 
extern int 
extern int 
/* SHA-384 
extern int 
extern int 
extern int 
extern int 
/* SHA-512 
extern int 
extern int 


extern int 


extern int 


Eastlake 3rd & Hansen 


SHAlReset(SHAlContext *); 
SHAlInput(SHAlContext *, const uint8 t *bytes, 
unsigned int bytecount); 
SHA1FinalBits (ЅНА1Сопіехі *, const uint8 t bits, 
unsigned int bitcount); 
SHAlResult(SHAlContext *, 
uint8 t Message Digest[SHAlHashSize]); 


x 
SHA224Reset (SHA224Context *); 
SHA224 Input (SHA224Context *, const uint8_t *bytes, 
unsigned int bytecount); 
SHA224FinalBits (SHA224Context *, const uint8 t bits, 
unsigned int bitcount); 
SHA224Result(SHA224Context *, 
uint8 t Message Digest[SHA224HashSize]); 


*/ 
SHA256Reset(SHA256Context *); 
SHA256Input(SHA256Context *, const uint8 t *bytes, 
unsigned int bytecount); 
SHA256FinalBits (SHA256Context *, const uint8 t bits, 
unsigned int bitcount); 
SHA256Result(SHA256Context *, 
uint8 t Message Digest[SHA256HashSize]l); 


*/ 
SHA384Reset (SHA384Context *); 
SHA384Input (SHA384Context *, const uint8_t *bytes, 
unsigned int bytecount) ; 
SHA384FinalBits (SHA384Context *, const uint8 t bits, 
unsigned int bitcount); 
SHA384Result(SHA384Context *, 
uint8 t Message Digest[SHA384HashSize]l); 


ЖАУ. 
SHA512Reset (SHA512Context *); 
SHA512Input (SHA512Context *, const uint8_t *bytes, 
unsigned int bytecount) ; 
SHA512FinalBits (SHA512Context *, const uint8_t bits, 
unsigned int bitcount); 
SHA512Result(SHA512Context *, 
uint8 t Message Digest[SHA512HashSize]); 
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/* Unified SHA functions, chosen by whichSha */ 

extern int USHAReset (USHAContext *, SHAversion whichSha) ; 

extern int USHAInput (USHAContext *, 

const uint8 t *bytes, unsigned int bytecount) ; 
extern int USHAFinalBits (USHAContext *, 

const uint8_t bits, unsigned int bitcount); 
extern int USHAResult (USHAContext *, 

uint8 t Message Digest[USHAMaxHashSize]l); 
extern int USHABlockSize(enum SHAversion whichSha); 

extern int USHAHashSize(enum SHAversion whichSha); 

extern int USHAHashSizeBits (enum SHAversion whichSha); 


/* 
* HMAC Keyed-Hashing for Message Authentication, RFC2104, 

* for all SHAs. 

* This interface allows a fixed-length text input to be used. 
ЫГ 


extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */ 


const unsigned char *text, /* pointer to data stream */ 

int text_len, /* length of data stream */ 

const unsigned char *key, /* pointer to authentication key */ 
int key_len, /* length of authentication key */ 
uint8_t digest [USHAMaxHashSize]); /* caller digest to fill in */ 


/* 
* HMAC Keyed-Hashing for Message Authentication, RFC2104, 
* for all SHAs. 
* This interface allows any length of text input to be used. 
*/ 
extern int hmacReset (HMACContext *ctx, enum SHAversion whichSha, 
const unsigned char *key, int key_len); 
extern int hmacInput (HMACContext *ctx, const unsigned char *text, 
int text len); 


extern int hmacFinalBits (HMACContext *ctx, const uint8 t bits, 
unsigned int bitcount); 
extern int hmacResult (HMACContext *ctx, 
uint8_t digest [USHAMaxHashSize]); 


#endif /* SHAH */ 
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8 


8 


/ * 
/ * 
/ * 


+ + + + + Хх Хх o Ob Хх Хх Хх Хх Хх OX 0X OX +» OR OX F OX OX F OX o o Xo Xo OF OF OF 


.2. The SHA Code 


This code is primarily intended as expository and could be optimized 
further. For example, the assignment rotations through the variables 
a, b, ..., h could be treated as a cycle and the loop unrolled, 
rather than doing the explicit copying. 


Note that there are alternative representations of the Ch() and Maj() 
functions controlled by an ifdef. 


2.2.1. -вһатшс 


ACkCk ck ckck ck ck ck ck ck ck ck ck k ck ck ck ck kk kk ЖКЖ Ж shal.c KOK KKK kck ck ххк KK KK KK KK / 


KKKKKKKKKKKKKKKKKKK See RFC 4634 for details Okckckck ckokck sk KK KK KK / 


Description: 
This file implements the Secure Hash Signature Standard 
algorithms as defined in the National Institute of Standards 
and Technology Federal Information Processing Standards 
Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2 
published on August 1, 2002, and the FIPS PUB 180-2 Change 
Notice published on February 28, 2004. 


A combined document showing all algorithms is available at 
http://csrc.nist.gov/publications/fips/ 
fips180-2/fips180-2withchangenotice.pdf 


The SHA-1 algorithm produces a 160-bit message digest for a 
given data stream. It should take about 2**n steps to find a 
message with the same digest as a given message and 

2**(n/2) to find any two messages with the same digest, 

when n is the digest size in bits. Therefore, this 

algorithm can serve as a means of providing a 

"fingerprint" for a message. 


Portability Issues: 


SHA-1 is defined in terms of 32-bit "words". This code 
uses «stdint.h» (included via "sha.h") to define 32 and 8 
bit unsigned integer types. If your C compiler does not 
support 32 bit unsigned integers, this code is not 
appropriate. 

Caveats: 


SHA-1 is designed to work with messages less than 2^64 bits 
long. This implementation uses SHAlInput() to hash the bits 
that are a multiple of the size of an 8-bit character, and then 
uses SHAlFinalBits() to hash the final few bits of the input. 


Eastlake 3rd & Hansen Informational [Page 24] 


RFC 4634 SHAs апа HMAC-SHAs July 2006 


finclude "sha.n" 
#include "sha-private.h" 


/ * 

* Define the 5НА1 circular left shift macro 

жу 
#define SHA1_ROTL(bits,word) \ 

(((word) << (bits)) | ((word) >> (32-(bits)))) 

/* 

* add "length" to the length 

x 


static uint32 t addTemp; 
#define SHAlAddLength (context, length) 
(addTemp = (context)-»Length Low, 
(context)-»Corrupted = 
(((context)-»Length Low += (length)) < addTemp) && 
(**(context)-»Length High == 0) ? 1: 0) 


жа CEP жарай 


/* Local Function Prototypes */ 

static void SHAlFinalize(SHAlContext *context, uint8 t Pad Byte); 
static void SHAlPadMessage(SHAlContext *, uint8 t Pad Byte); 
static void SHAlProcessMessageBlock(SHAlContext *); 


/ 
SHAlReset 


Description: 
This function will initialize the SHAlContext in preparation 
for computing a new 5НА1 message digest. 


Parameters: 
context: [in/out] 
The context to reset. 


Returns: 
sha Error Code. 


+ + X F X Xo X Xo Xo F Xo Ro ++ + 


int SHAlReset(SHAlContext *context) 


if (!context) 
return shaNull; 


context-»Length Low = 0; 
context-»Length High = 0; 
context-»Message Block Index = 0; 
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/* Initial Hash Values: 
context-»Intermediate Hash[0] 
context-»Intermediate Hash[1] 
context-»Intermediate Hash[2] 
context-»Intermediate Hash[3] 
context-»Intermediate Hash[4] 


context-»Computed = 0; 
context-»Corrupted 0; 


return shaSuccess; 


SHA1 Input 
Description: 
of the message. 


Parameters: 
context: [in/out] 


message_array: [in] 


the message. 
length: [in] 


SHAs and HMAC-SHAs 


July 2006 


FIPS-180-2 section 5.3.1 */ 


= 0x67452301; 
= OxEFCDAB89; 
= 0x98BADCFE; 
= 0x10325476; 
= 0xC3D2E1F0; 


This function accepts an array of octets as the next portion 


The SHA context to update 


An array of characters representing the next portion of 


The length of the message in message_array 


Returns: 
sha Error Code. 


+ + + 0X 0X + + Хх Хх Хх ХХ 0 Хх Хх Хх xot o X 


/ 


int SHAlInput(SHAlContext *context, 


const uint8_t *message_array, 
{ 
if (!length) 
return shaSuccess; 


if (!context || !message array) 
return shaNull; 


unsigned length) 


if (context-»Computed) { 
context-»Corrupted = shaStateError; 
return shaStateError; 
} 
if (context-»Corrupted) 
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return context-—>Corrupted; 


while (length-- && !context-»Corrupted) { 
context-»Message Block[context-»Message Block Іпаех++] = 
(*message array & OxFF); 


if (!SHAlAddLength(context, 8) && 
(context-»Message Block Index == SHA1 Message Block Size)) 


SHAlProcessMessageBlock (context); 


message аггау++; 


} 


return shaSuccess; 


М. 


+ + + + + Хх Хх Хх Хх Хх Хх Хх Хх Жж + OR Ro F X 


SHA1FinalBits 


Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0b00000### to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 
/ 
int SHAlFinalBits (SHAlContext *context, const uint8 t message bits, 
unsigned int length) 
{ 
uint8_t masks[8] = { 
/* 0 0500000000 */ 0x00, /* 
/* 2 0011000000 */ OxCO, /* 
/* 4 0b11110000 */ OxFO, /* 
/* 6 0b11111100 */ OxFC, /* 


0010000000 */ 0x80, 
0011100000 */ OxEO, 
0011111000 */ OxF8, 
0011111110 */ OxFE 


аш 


}; 

uint8_t markbit[8] = { 
/* 0 0510000000 */ 0x80, /* 1 0501000000 */ 0x40, 
/* 2 0500100000 */ 0x20, /* З 0500010000 */ 0x10, 
/* 4 0500001000 */ 0x08, /* 5 0500000100 */ 0x04, 
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/* 6 0500000010 */ 0x02, /* 7 0600000001 */ 0x01 
}; 


if (!length) 
return shaSuccess; 


if (!context) 
return shaNull; 


if (context->Computed || (length >= 8) || (length == 0)) { 
context-»Corrupted = shaStateError; 
return shaStateError; 


} 


if (context-»Corrupted) 
return context-»Corruptegd; 


SHAlAddLength(context, length); 
SHAlFinalize(context, 


(uint8 t) ((message bits 8 masks[length]) | markbit [length])); 


return shaSuccess; 


/* 
* SHAlResult 

* 

* Description: 

* This function will return the 160-bit message digest into the 
* Message_Digest array provided by the caller. 

* NOTE: The first octet of hash is stored in the Oth element, 

* the last octet of hash in the 19th element. 

ж 

* Parameters: 

* context: [in/out] 

f The context to use to calculate the SHA-1 hash. 

* Message Digest: [out] 

Ж Where the digest is returned. 

ж 

* Returns: 

* sha Error Code. 

* 

* 


/ 

int SHAlResult(SHAlContext *context, 
uint8 t Message Digest[SHAlHashSize]) 

( 


int i; 
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if (!context || !Message Digest) 
return shaNull; 


if (context-»Corrupted) 
return context-—>Corrupted; 


if (!context-»Computed) 
SHAlFinalize(context, 0x80); 


for (i = 0; і < SHAlHashSize; ++i) 
Message Digest[i] = (uint8 t) (context-»Intermediate Hash[i»»2] 


>> 8* (3- (i & 0x03 ) )); 


return shaSuccess; 


/* 
* SHAlFinalize 

* 

* Description: 

* This helper function finishes off the digest calculations. 

* 

* Parameters: 

* context: [in/out] 

Шш The SHA context to update 

* Pad_Byte: [in] 

* The last byte to add to the digest before the 0-padding 

X and length. This will contain the last bits of the message 
Е followed by another single bit. If the message was ап 

* exact multiple of 8-bits long, Pad Byte will be 0x80. 

* 

* Returns: 

* sha Error Code. 

ж 

*/ 


static void SHAlFinalize(SHAlContext *context, uint8 t Pad Byte) 
{ 

THE L? 

SHA1PadMessage (context, Pad Byte); 

/* message may be sensitive, clear it out */ 

for (1 = 0; i < 5НА1 Message Block Size; 441) 

context-»Message Block[i] = 0; 

context-»Length Low = 0; /* and clear length */ 

context-»Length High = 0; 

context-»Computed = 1; 


/ * 
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SHAlPadMessage 


Description: 
According to the standard, the message must be padded to an 
even 512 bits. The first padding bit must be a '1'. The last 
64 bits represent the length of the original message. All bits 
in between should be 0. This helper function will pad the 
message according to those rules by filling the Message Block 
array accordingly. When it returns, it can be assumed that the 
message digest has been computed. 


Parameters: 

context: [in/out] 
The context to pad 

Pad Byte: [in] 
The last byte to add to the digest before the 0-padding 
and length. This will contain the last bits of the message 
followed by another single bit. If the message was an 
exact multiple of 8-bits long, Pad Byte will be 0x80. 


Returns: 
Nothing. 


ж 


xy 
static void SHAlPadMessage(SHAlContext *context, uint8 t Pad Byte) 
{ 


* Check to see if the current message block is too small to hold 
* the initial padding bits and length. If so, we will pad the 
* block, process it, and then continue padding into a second 
* block. 
*/ 
if (context-»Message Block Index >= (SHA1 Message Block Size - 8)) { 
context-»Message Block[context-»Message Block Іпаех++] = Pad Byte; 
while (context-»Message Block Index < SHA1 Message Block Size) 
context-»Message Block[context-»Message Block Іпаех++] = 0; 


SHAlProcessMessageBlock (context); 
) else 
context-»Message Block[context-»Message Block Index-**] = Pad Byte; 


while (context-»Message Block Index < (5НА1 Message Block Size - 8)) 
context-»Message Block[context-»Message Block Іпаех++] = 0; 


/* 
* Store the message length as the last 8 octets 
*/ 
context-»Message Block[56] = (uint8 t) (context-»Length High >> 24); 
context-»Message Block[57] = (uint8 t) (context-»Length High >> 16); 
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context-»Message Block[58] = (uint8 t) (context-»Length High 
context-»Message Block[59] = (uint8 t) (context-»Length High) 
context-»Message Block[60] = (uint8 t) (context-»Length Low > 
context-»Message Block[61] = (uint8 t) (context-»Length Low > 
context-»Message Block[62] = (uint8 t) (context-»Length Low > 
context-»Message Block[63] = (uint8 t) (context-»Length Low); 


SHAlProcessMessageBlock (context); 


* 

* SHAlProcessMessageBlock 

* 

* Description: 

* This helper function will process the next 512 bits of the 
x message stored in the Message_Block array. 

ж 

* Parameters: 

* None. 

* 

* Returns: 

* Nothing. 

* 

* Comments: 

* Many of the variable names in this code, especially the 
Ж single character names, меге used because those were the 
Ж names used in the publication. 

x 


static void SHAlProcessMessageBlock(SHAlContext *context) 


{ 


/* Constants defined in FIPS-180-2, section 4.2.1 */ 
const uint32_t K[4] = { 

0x5A827999, Ox6ED9EBA1, Ox8FIBBCDC, OxCA62C1D6 
}; 


int E /* Loop counter */ 

uint32 t temp; /* Temporary word value */ 
uint32 t W[80]; /* Word sequence */ 

uint32 t Ay BUDE; /* Word buffers */ 

/* 


* Initialize the first 16 words in the array W 


*/ 


for (t = 0; t < 16; +++) { 
М [Е] ((uint32 t)context-»Message Block[t * 41) << 24; 
W[t] |= ((uint32 t)context-»Message Block[t * 4 + 11) << 16 
W[t] |= ((uint32 t)context-»Message Block[t * 4 + 21) << 8; 
W[t] |= ((uint32 t)context-»Message Block[t * 4 + 3]); 
} 
Eastlake 3rd & Hansen Informational 
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>> 8); 
> 24); 
> 16) 
> 8); 


T 


, 
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for (t = 16; t < 80; +++) 
W[t] 5НАІ ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); 


= context-»Intermediate Hash[0]; 
= context-»Intermediate Hash[1]; 
context-»Intermediate Hash[2]; 
= context-»Intermediate Hash[3]; 
= context-»Intermediate Hash[4]; 


ооо» 
ll 


for (t = 0; t < 20; ttt) { 
temp = 5НА1 ROTL(5,A) + 5НА Ch(B, С, D) + Е + W[t] + K[0]; 


E D; 

D = С; 

С = SHA1_ROTL(30,B); 
B = A; 

A = temp; 


for (t = 20; t < 40; +++) { 
temp = 5НА1 ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1]; 


E = D; 

D = C; 

С = SHA1_ROTL(30,B); 
B = A; 

A = temp; 


for (t = 40; t < 60; +++) { 
temp = SHA1 ROTL(5,A) + SHA Maj(B, C, D) + E + W[t] + K[2]; 


E Dis 

D = С; 

С = SHA1_ROTL(30,B); 
B = A; 

A = temp; 


} 


for (t = 60; t < 80; t++) { 
temp = 5НА1 ROTL(5,A) + SHA Parity(B, C, D) + E + W[t] + K[3]; 
= D; 
E 
= 5НА1 ROTL(30,B); 
= A; 
= temp; 


оон 


} 
context-»Intermediate Hash[0] += А; 


context-»Intermediate Hash[1] += B; 
context-»Intermediate Hash[2] += C; 


Eastlake 3rd & Hansen Informational [Page 32] 


RFC 4634 SHAs апа HMAC-SHAs July 2006 


context-»Intermediate Hash[3] += р; 
context-»Intermediate Hash[4] += E; 


context-»Message Block Index = 0; 


} 


8.2.2.  sha224-256.c 


[RKRKKKKKK KKK KKK KKK KKK KK KK KKK sha224-256.c KOKCkCkCkck kck ck kck ck KK KK KK ke ke ke k x / 
[KKK KKK KK KKK KKK KK KK KKK See RFC 4634 for details KOK KKK KK KK KK KK / 


/* 


ж 


Description: 
This file implements the Secure Hash Signature Standard 
algorithms as defined in the National Institute of Standards 
and Technology Federal Information Processing Standards 
Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2 
published on August 1, 2002, and the FIPS PUB 180-2 Change 
Notice published on February 28, 2004. 


A combined document showing all algorithms is available at 
http://csrc.nist.gov/publications/fips/ 
fips180-2/fips180-2withchangenotice.pdf 


The SHA-224 and SHA-256 algorithms produce 224-bit and 256-bit 
message digests for a given data stream. It should take about 
2**n steps to find a message with the same digest as a given 
message and 2**(n/2) to find any two messages with the same 
digest, when n is the digest size in bits. Therefore, this 
algorithm can serve as a means of providing a 

"fingerprint" for a message. 


Portability Issues: 
SHA-224 and SHA-256 are defined in terms of 32-bit "words". 
This code uses «stdint.h» (included via "sha.h") to define 32 
and 8 bit unsigned integer types. If your C compiler does not 
support 32 bit unsigned integers, this code is not 
appropriate. 


Caveats: 
SHA-224 and SHA-256 are designed to work with messages less 
than 2^64 bits long. This implementation uses SHA224/256Input () 
to hash the bits that are a multiple of the size of an 8-bit 
character, and then uses SHA224/256FinalBits() to hash the 
final few bits of the input. 


+ + ЖЖЖ + Oo Хх Хх +» Хх Хх Хх Хх Хх 0 Хх Хх Хх ++» + F OR Ro + X Xo Xo X 


/ 


finclude "sha.h" 
#include "sha-private.h" 
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/* Define the SHA shift, rotate left and rotate right macro */ 


#define SHA256 SHR(bits,word) ((word) »» (bits)) 

#define SHA256 ROTL(bits,word) \ 
(((word) << (bits)) | ((word) >> (32-(bits)))) 

#define SHA256_ROTR(bits, word) \ 
(((word) >> (bits)) | ((word) << (32-(bits)))) 


/* Define the SHA SIGMA and sigma macros */ 
#define SHA256_SIGMAO (word) \ 

(SHA256_ROTR( 2,word) ^ SHA256_ROTR(13,word) ^ SHA256_ROTR(22,word) ) 
#define 5НА256 51СМА1 (word) \ 

(SHA256_ROTR( 6,word) ^ SHA256_ROTR(11,word) ^ SHA256_ROTR(25,word) ) 


#define SHA256 sigma0 (word) \ 
(SHA256_ROTR( 7,word) ^ SHA256_ROTR(18,word) ^ SHA256_SHR( 3,word) ) 
#define SHA256_sigmal (word) \ 


(SHA256_ROTR(17,word) ^ SHA256_ROTR(19,word) ^ SHA256_SHR(10,word) ) 


/* 
* add "length" to the length 
*/ 

static uint32_t addTemp; 


#define SHA224 256AddLength (context, length) \ 
(addTemp = (context)-»Length Low, (context)->Corrupted = х 
(( (context) ->Length_Low += (length)) < addTemp) && \ 

(++ (context) —->Length_High == 0) ? 1: 0) 


/* Local Function Prototypes */ 
static void 5НА224 256Finalize(SHA256Context *context, 

uint8_t Pad_Byte); 
static void 5НА224 256PadMessage (SHA256Context *context, 

uint8_t Pad Byte); 
static void SHA224 256ProcessMessageBlock(SHA256Context *context); 
static int SHA224 256Reset(SHA256Context *context, uint32 t *H0); 
static int SHA224 256ResultN(SHA256Context *context, 

uint8 t Message Digest[], int HashSize); 


/* Initial Hash Values: FIPS-180-2 Change Notice 1 */ 

static uint32 t SHA224 HO[SHA256HashSize/4] = ( 
OxC1059ED8, 0x367CD507, 0x3070DD17, 0хЕ70Е5939, 
OxFFCOOB31, 0x68581511, 0х64Е98ЕА7, OxBEFA4FA4 

}; 


/* Initial Hash Values: FIPS-180-2 section 5.3.2 */ 

static uint32 t SHA256 HO[SHA256HashSize/4] = { 
0х6А09Е667, OxBB67AE85, Ox3C6EF372, OxA5AFF53A, 
0х510Е527Е, 0x9B05688C, Ox1F83D9AB, Ox5BEOCD19 

}; 
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SHA224Reset 


Description: 
This function will initialize the SHA384Context in preparation 
for computing a new SHA224 message digest. 


Parameters: 
context: [in/out] 
The context to reset. 


Returns: 
sha Error Code. 


+ + + X ИЕ. + Хх Хх Хх Хх Ж. o X 


/ 
int SHA224Reset (SHA224Context *context) 
{ 
return SHA224 256Reset (context, 5НА224 НО), 
} 


SHA224Input 


Description: 
This function accepts an array of octets as the next portion 
of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_array: [in] 
An array of characters representing the next portion of 
the message. 

length: [in] 
The length of the message in message_array 


Returns: 
sha Error Code. 


+ + + э» Xo + Хх F Хх Хх + Хх Хх Хх xo o X 


/ 

int SHA224Input (SHA224Context *context, const uint8_t *message_array, 
unsigned int length) 

{ 


return SHA256Input (context, message_array, length); 


} 
/* 
* SHA224FinalBits 


ж 
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Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0500000### to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


+ + ЖЖЖ + Хх Хх xo ХХ Жж 


Returns: 
sha Error Code. 


ж 


*/ 
int SHA224FinalBits( SHA224Context *context, 
const uint8 t message bits, unsigned int length) 


{ 
return SHA256FinalBits (context, message bits, length); 
} 


/* 
* SHA224Result 

ж 

* Description: 

Ж This function will return the 224-bit message 

* digest into the Message_Digest array provided by the caller. 
* NOTE: The first octet of hash is stored in the Oth element, 
* the last octet of hash in the 28th element. 

ж 

* Parameters: 

* context: [in/out] 

K The context to use to calculate the SHA hash. 

* Message_Digest: [out] 

* Where the digest is returned. 

ж 

* Returns: 

* sha Error Code. 

*/ 


int SHA224Result(SHA224Context *context, 
uint8 t Message Digest[SHA224HashSize]) 
{ 
return SHA224 256ResultN(context, Message Digest, SHA224HashSize) ; 


} 


/* 
* SHA256Reset 
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Description: 


Parameters: 
context: [in/out] 
The context to reset. 


Returns: 
sha Error Code. 


+ + + + + Хх Ж Хх Ж. o X 


/ 


int SHA256Reset (SHA256Context *context) 


{ 


} 


int SHA256Input(SHA256Context *context, 


{ 


return 5НА224 256Reset (context, 5НА256 H0); 


SHA256Input 
Description: 
of the message. 
Parameters: 
context: [in/out] 
The SHA context to update 
message array: [in] 
the message. 


length: [in] 


Returns: 
sha Error Code. 


+ + + ok oko oo oo Хх Хх Хх Хх Хх Хх Хх OR + F o X 


/ 


unsigned int length) 


if (!length) 
return shaSuccess; 


if (!context || !message array) 
return shaNull; 


if (context-»Computed) { 
context-»Corrupted = shaStateError; 
return shaStateError; 
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An array of characters representing the next portion of 


The length of the message in message array 


July 2006 


This function will initialize the SHA256Context in preparation 
for computing a new SHA256 message digest. 


This function accepts an array of octets as the next portion 


const uint8 t *message array, 
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} 


if (context-»Corrupted) 
return context-—>Corrupted; 


while (length-- && !context-»Corrupted) { 
context-»Message Block[context-»Message Block Іпаех++] = 
(*message array & OxFF); 


if (!SHA224 256AddLength(context, 8) && 
(context-»Message Block Index == SHA256 Message Block Size)) 
SHA224 256ProcessMessageBlock (context); 


message аггау++; 


} 


return shaSuccess; 


М. 


+ + X 0X 0X + + Хх Хх ХХХ Ro Ro oo ж OF 


SHA256FinalBits 


Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0b00000### to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 
/ 
int SHA256FinalBits(SHA256Context *context, 
const uint8 t message bits, unsigned int length) 
{ 
uint8_t masks[8] = { 
/* 0 0500000000 */ 0x00, /% 1 0010000000 */ 0x80, 
/* 2 0511000000 */ OxCO, /* 3 0011100000 */ OxEO, 
/* 4 0611110000 */ OxFO, /* 5 0011111000 */ OxF8, 
/* 6 0611111100 */ OxFC, /* 7 0b11111110 */ OxFE 
}; 
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uint8 t markbit[8] = ( 
/* 0 0510000000 */ 0x80, /* 
/* 2 0500100000 */ 0x20, /* 
/* 4 0600001000 */ 0x08, /* 
/* 6 0500000010 */ 0x02, /* 


0501000000 */ 0x40, 
0500010000 */ 0x10, 
0000000100 */ 0x04, 
0000000001 */ 0x01 


аш 


}; 


if (!length) 
return shaSuccess; 


if (!context) 
return shaNull; 


if ((context-»Computed) || (length >= 8) || (length == 0)) { 
context-»Corrupted = shaStateError; 
return shaStateError; 


} 


if (context-»Corrupted) 
return context-»Corruptegd; 


SHA224 256AddLength(context, length); 
SHA224 256Finalize(context, (01058 t) 
((message bits & masks[length]) | markbit [length])); 


return shaSuccess; 


/* 
* SHA256Result 

ж 

* Description: 

* This function will return the 256-bit message 

X digest into the Message_Digest array provided by the caller. 
* NOTE: The first octet of hash is stored in the Oth element, 
* the last octet of hash in the 32nd element. 

ж 

* Parameters: 

* context: [in/out] 

Ж The context to use to calculate the SHA hash. 

* Message_Digest: [out] 

2 Where the digest is returned. 

ж 

* Returns: 

* sha Error Code. 

*/ 


int SHA256Result (SHA256Context *context, uint8 t Message_Digest[]) 
{ 
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return SHA224 256ResultN(context, Message Digest, SHA256HashSize); 


/* 
* SHA224 256Finalize 

* 

* Description: 

* This helper function finishes off the digest calculations. 

* 

* Parameters: 

d context: [in/out] 

Ш The SHA context to update 

* Pad_Byte: [in] 

* The last byte to add to the digest before the 0-padding 

* and length. This will contain the last bits of the message 
K followed by another single bit. If the message was an 

* exact multiple of 8-bits long, Pad Byte will be 0x80. 

* 

* Returns: 

* sha Error Code. 

жу. 


static void SHA224 256Finalize(SHA256Context *context, 
uint8_t Pad_Byte) 
{ 
int i; 
SHA224_256PadMessage (context, Pad Byte); 
/* message may be sensitive, so clear it out */ 
for (1 = 0; i < SHA256_Message_Block_Size; ++i) 
context-»Message Block[i] = 0; 
context-»Length Low = 0; /* and clear length */ 
context-»Length High = 0; 


context-»Computed = 1; 
} 
/* 
* SHA224 256PadMessage 
* 
* Description: 
Е According to the standard, the message must ре padded to ап 
* even 512 bits. The first padding bit must be а ‘1’. The 
* last 64 bits represent the length of the original message. 
Е All bits in between should be 0. This helper function will раа 
* the message according to those rules by filling the 
Ds Message Block array accordingly. When it returns, it can be 
Ж assumed that the message digest has been computed. 
ж 
* Parameters: 
* context: [in/out] 
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ж 


ж 


The context to pad 
Pad_Byte: [in] 
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The last byte to add to the digest before the 0-padding 


and length. This will 


contain the last bits of the message 


followed by another single bit. If the message was an 
exact multiple of 8-bits long, Pad Byte will be 0x80. 


Returns: 
Nothing. 
/ 


static void SHA224 256PadMessage(SHA256Context *context, 


{ 


} 
/ж 


uint8_t Pad_Byte) 


* Check to see if the current message block is too small to hold 
* the initial padding bits and length. If so, we will pad the 
* block, process it, and then continue padding into a second 


* block. 
х/ 


if (context-»Message Block Index >= (SHA256 Message Block Size-8)) { 
context-»Message Block[context-»Message Block Іпаех++] = Pad Byte; 
while (context-»Message Block Index < SHA256 Message Block Size) 


context-»Message Block 


[context-»Message Block Іпаех++] = 0; 


SHA224 256ProcessMessage 
) else 


Block(context); 


context-»Message Block[context-»Message Block Іпаех++] = Pad Byte; 


while (context-»Message Block Index < (SHA256 Message Block Size-8)) 
context-»Message Block[context-»Message Block Іпаех++] = 0; 


/ * 


* Store the message length as the last 8 octets 


ЖУ. 
context—>Message_Block [56] 
context-»Message Block[57] 
context-»Message Block[58] 
context-»Message Block[59] 
context-»Message Block[60] 
context-»Message Block[61] 
context-»Message Block[62] 
context-»Message Block[63] 


= (uint8 t) (context-»Length High >> 24); 
= (uint8 t) (context-»Length High >> 16); 
= (uint8 t) (context-»Length High >> 8); 
= (uint8 t) (context-»Length High); 

= (uint8 t) (context-»Length Low >> 24); 
= (uint8 t) (context-»Length Low >> 16); 
= (uint8 t) (context-»Length Low >> 8); 

= (uint8 t) (context-»Length Low); 


SHA224 256ProcessMessageBlock (context); 


* SHA224 256ProcessMessageBlock 


* 
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* Description: 
X This function will process the next 512 bits of the message 
Ж stored іп the Message_Block array. 
ж 
* Parameters: 
* context: [in/out] 
* The SHA context to update 
* 
* Returns: 
* Nothing. 
* 
* Comments: 
* Many of the variable names in this code, especially the 
2 single character names, меге used because those were the 
* names used in the publication. 
AY 


static void SHA224 256ProcessMessageBlock(SHA256Context *context) 


{ 


/* Constants defined in FIPS-180-2, 


static const uint32_t K[64] 


}; 


int 


uint32_t 
uint32_t 
uint32 t 


/ * 


0x428a2f98, 
0x59f111f1, 
0x243185be, 
Oxc19bf174, 
0х24е92с6Е, 
0ха831с664, 
0х06са6351, 
0х53380413, 
Oxa2bfe8al, 
0xd6990624, 
0х2748774с, 
0x682e6ff3, 
Ox90befffa, 


t, 


0x71374491, 
0x923f82a4, 
0x550c7dc3, 
0хе49р69с1, 
0х4а7484аа, 
0хр00327с8, 
0х14292967, 
0х650а7354, 
Oxa81a664b, 
0х#40е3585, 
0x34b0bcb5, 
0x748f82ee, 
0ха4506сер, 


t4; 
templ, 
W[64]; 
A, B, C, 


temp2; 


25541 

Oxb5cOfbcf, 
0хар1с5е45, 
0х72ре5474, 
Oxefbe4786, 
Ox5cb0a9dc, 
0хрЕ597Ёс7, 
0x27b70a85, 
0x766a0abb, 
Oxc24b8b70, 
0х106аа070, 
0x391c0cb3, 
0x78a5636f, 
Oxbef9a3fT, 


/ * 
/ * 
/ * 
/ * 


section 4.2.2 */ 


Oxe9b5dba5, 
0х4807аа98, 
0x80deblfe, 
0х0Ғс19(4с6, 
0x76f988da, 
0xc6e00bf3, 
0х2е152138, 
0х81с2с92е, 
0хс76с51а3, 
0х19а4с116, 
0х4е48аа4а, 
0x84c87814, 
0хс67178Е2 


0x3956c25b, 
0х12835Ю01, 
0х9р4с06а7, 
0х240са1сс, 
0х983е5152, 
0xd5a79147, 
0х442с64Ёс, 
0х92722с85, 
0ха192е819, 
0х1е376с08, 
Ox5b9cca4f, 
0х8сс70208, 


Loop counter */ 
Temporary word value */ 
Word sequence */ 

Word buffers */ 


* Initialize the first 16 words in the array W 


*/ 


for 
W[t] 


Eastl 


(Е = Е 
sU 
( 
( 
( 


4 
(( 
(( 
(( 
(( 


ake 


0; 
uint32 t 
uint32 t 
uint32 t 
uint32 t 


Е < 16; 


м2 м2 ме ме 


Зга & Напѕеп 


ttt, 
context-»Message Block[t4]) 
context-»Message Block[t4 + 
context-»Message Block[t4 + 
context-»Message Block[t4 + 


t4 += 4) 


Informational 


«« 24) | 
1]) 
2]) 
31)); 


<< 16) | 
<< 8) | 
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for (t = 16; t < 64; +++) 
W[t] = SHA256 sigmal(W[t-2]) + W[t-7] + 
SHA256_sigmaO (W[t-15]) + W[t-16]; 


= context-»Intermediate Hash[6]; 
= context-»Intermediate Наѕһ [7]; 


А = context-»Intermediate Hash[0]; 
В = context-»Intermediate Hash[1]; 
С = context-»Intermediate Hash[2]; 
D = context-»Intermediate Hash[3]; 
E = context-»Intermediate Hash[4]; 
Е = context-»Intermediate Hash[5]; 
G 

H 


for (t = 0; t < 64; +++) { 
templ = H + 5НА256 51СМА1(Е) + SHA Ch(E,F,G) + K[t] + W[t]; 
temp2 SHA256_SIGMAO (A) + SHA Мај (А,В,С); 
= G; 


PWAUVHAAADA 
ll 
Q 


= templ + temp2; 
} 


context-»Intermediate Hash[0] += A; 
context-»Intermediate Hash[1] += B; 
context-»Intermediate Hash[2] += C; 
context-»Intermediate Hash[3] += D; 
context-»Intermediate Hash[4] += E; 
context-»Intermediate Hash[5] += Е; 
context-»Intermediate Hash[6] += С; 
context-»Intermediate Hash[7] += H; 
context-»Message Block Index = 0; 


SHA224 256Reset 


Description: 
This helper function will initialize the SHA256Context in 
preparation for computing a new SHA256 message digest. 


Parameters: 
context: [in/out] 
The context to reset. 


+ + + + + + хх F X 
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* HO 

Ж Тһе initial hash value to use. 
ж 

* Returns: 

* sha Error Code. 

чи 


static int SHA224 256Reset(SHA256Context *context, uint32 t *НО) 
{ 
if (!context) 
return shaNull; 


context-»Length Low = 0; 

context-»Length High = 0; 

context-»Message Block Index = 0; 

context-»Intermediate Hash[0] = НО(01, 
context-»Intermediate Hash[1] = HO[1]; 
context-»Intermediate Hash[2] = НО(21, 
context-»Intermediate Hash[3] = НО(31, 
context-»Intermediate Hash[4] = НО(41, 
context-»Intermediate Hash[5] = НО(51, 
context-»Intermediate Hash[6] = НО(61, 
context-»Intermediate Hash[7] = НО(71, 


context-»Computed = 0; 
context-»Corrupted = 0; 


return shaSuccess; 


/* 
* SHA224 256ResultN 

* 

* Description: 

* This helper function will return the 224-bit or 256-bit message 
* digest into the Message Digest array provided by the caller. 

* NOTE: The first octet of hash is stored in the Oth element, 

ж the last octet of hash in the 28th/32nd element. 

ж 

х Parameters: 

* context: [in/out] 

* The context to use to calculate the SHA hash. 

X Message_Digest: [out] 

Es Where the digest is returned. 

* HashSize: [in] 

* The size of the hash, either 28 ог 32. 

ж 

ж 


Returns: 
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a sha Error Code. 
Жу 
static int 5НА224 256ResultN(SHA256Context *context, 
uint8_t Message_Digest[], int HashSize) 
{ 


int i; 


if (!context | | !Message Digest) 
return shaNull; 


if (context-»Corrupted) 
return context-—>Corrupted; 


if (!context-»Computed) 
SHA224 256Finalize(context, 0x80); 


for (i = 0; i « HashSize; ++i) 
Message Digest[i] = (uint8 t) 
(context-»Intermediate Hash[i»»2] >> 8 * (3- (i & 0x03 ) )); 


return shaSuccess; 


} 


8.2.3. sha384-512.c 


[KKK KKK KK KKK KKK KKK KKK KK KK KKK sha384-512.c KOK KK ck kck ck kck ck KK / 
[KKK KKKKK KKK KKK KK KK e Ж Ж See RFC 4634 for details KOK KK KK KK / 


/* 


+ 


Description: 
This file implements the Secure Hash Signature Standard 
algorithms as defined in the National Institute of Standards 
and Technology Federal Information Processing Standards 
Publication (FIPS PUB) 180-1 published on April 17, 1995, 180-2 
published on August 1, 2002, and the FIPS PUB 180-2 Change 
Notice published on February 28, 2004. 


A combined document showing all algorithms is available at 
http://csrc.nist.gov/publications/fips/ 
fips180-2/fips180-2withchangenotice.pdf 


The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit 
message digests for a given data stream. It should take about 
2**n steps to find a message with the same digest as a given 
message and 2**(n/2) to find any two messages with the same 
digest, when n is the digest size in bits. Therefore, this 
algorithm can serve as a means of providing a 

"fingerprint" for a message. 


+ + + + + Хх Хх Хх Хх Хх Хх ЭГЭЭ 
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Portability Issues: 


SHA-384 and SHA-512 are defined in terms of 64-bit "words", 
but if USE 32BIT ONLY is #defined, this code is implemented in 
terms of 32-bit "words". This code uses «stdint.h» (included 
via "sha.h") to define the 64, 32 and 8 bit unsigned integer 
types. If your C compiler does not support 64 bit unsigned 
integers, and you do not #define USE 32BIT ONLY, this code is 
not appropriate. 


Caveats: 


SHA-384 and SHA-512 are designed to work with messages less 
than 2^128 bits long. This implementation uses 
SHA384/5121nput() to hash the bits that are a multiple of the 


Size of an 8-bit character, and then uses SHA384/256FinalBits() 


to hash the final few bits of the input. 


finclude "sha.h" 
#include "sha-private.h" 


#ifdef USE 32BIT ONLY 


/ * 


* Define 64-bit arithmetic in terms of 32-bit arithmetic. 
* Each 64-bit number is represented in a 2-word array. 


* All macros are defined such that the 


ж. 
/ж 
* Define shift, rotate left and rotate right functions 
*/ 

#define SHA512 SHR(bits, word, ret) ( \ 
/* (((uint64 t)((word))) >> (bits)) */ \ 
(ret) [0] = (((bits) < 32) вв ((bits) >= 0)) ? \ 

((word) [0] >> (bits)) : 0, \ 
(ret) [1] = ((bits) > 32) ? ((word) [0] >> ((bits) - 32)) \ 
((bits) == 32) ? (word) [0] \ 
((bits) >= 0) ? \ 
(((word) [0] << (32 - (bits))) | \ 
((word) [1] >> (bits))) : 0) 

#define SHA512 SHL(bits, word, ret) ( \ 
/* (((uint64_t) (word)) << (bits)) */ \ 
(ret) [0] = ((bits) > 32) ? ((word) [1] << ((bits) - 32)) \ 

((bits) == 32) ? (word) [1] \ 
((bits) >= 0) ? \ 
(((word) [0] << (bits)) | \ 
((word) [1] >> (32 - (bits)))) \ 


2006 


result is the last parameter. 
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(ret)[1] = (((bits) < 32) && ((bits) >= 0)) ? 
((word) [1] << (bits)) : 0 ) 


/* 
* Define 64-bit OR 
*/ 
#define SHA512 OR(wordl, word2, ret) ( 
(ret) [0] = (мога1) [0] (word2) [0], 
(ret) [1] = (wordl1) [1] (word2) [1] ) 


/* 
* Define 64-bit XOR 
*/ 
#define SHA512 XOR(wordl, word2, ret) ( 
(ret) [0] = (word1)[0] ^ (word2) [0], 
(ret) [1] = (мога1) [1] ^ (word2) [1] ) 


/* 
* Define 64-bit AND 
av 
#define SHA512 AND(wordl, word2, ret) ( 
(ret) [0] = (word1)[0] & (word2)[0], 
(ret) [1] = (word1)[1] & (word2) [1] ) 


/* 
* Define 64-bit TILDA 
*/ 
#define SHA512 TILDA(word, ret) 
( (ret)[0] = ~(word) [0], (ret)[1] = ^(word)[1] ) 


/* 
* Define 64-bit ADD 
Ey 
#define SHA512 ADD(wordl, word2, ret) ( 
(ret) [1] = (мога1) [1], (ret)[1] += (word2) [1], 


July 2006 


27-27 


\ 
\ 


(ret) [0] = (мога1) [0] + (word2) [0] + ((ret) [1] < (word1)[1]) ) 


/* 
* Add the 4word value in word2 to wordl. 
*/ 
static uint32 t ADDTO4_temp, ADDTO4_temp2; 
#define SHA512 ADDTO4(wordl, word2) ( 
ADDTO4_temp = (мога1) [3], 
(иога1) [3] += (word2) [3], 
ADDTO4_temp2 = (мога1) [2], 
(мога1) (21 += (word2) [2] + ((wordl) [3] < ADDTOA temp), 
ADDTO4_temp = (wordl) [1], 
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(wordl1) [1] += (word2)[1] + ((word1)[2] < ADDTOA temp2), N 
(word1)[0] += (word2)[0] + ((мога1) [1] < ADDTOA temp) ) 

/* 

* Add the 2word value in word2 to wordl. 

РА 


static uint32_t ADDTO2_temp; 


#define SHA512 ADDTO2(wordl, word2) ( N 
ADDTO2 temp = (мога1) [1], \ 
(моса1) [1] += (word2) [1], \ 
(мога1) [0] += (word2) [0] + ((мога1) [1] < ADDTO2 temp) ) 

/* 

* SHA rotate ((word >> bits) | (word << (64-bits))) 
*/ 

static uint32 t ROTR_temp1[2], ROTR temp2[2]; 

#define SHA512 ROTR(bits, word, ret) ( N 
SHA512 SHR((bits), (word), ROTR templ), N 
SHA512 SHL(64-(bits), (word), ROTR temp2), N 


5НА512 OR(ROTR templ1, ROTR temp2, (ret)) ) 


/* 
* Define the SHA SIGMA and sigma macros 
Ж 5НА512 ROTR(28,word) ^ SHA512 ROTR(34,word) ^ SHA512 ROTR(39,word) 
Ж/ 

static uint32 t SIGMAO templ1[2], SIGMAO temp2[2], 

ЅІСМАО temp3[2], SIGMAO temp4[2]; 

#define SHA512 SIGMAO (word, ret) ( 

SHA512 ROTR(28, (word), SIGMAO templ), 

SHA512 ROTR(34, (word), SIGMAO temp2), 

SHA512 ROTR(39, (word), SIGMAO temp3), 

SHA512 XOR(SIGMAO temp2, SIGMAO temp3, SIGMAO temp4), 

SHA512 XOR(SIGMAO templ, SIGMAO temp4, (ret)) ) 


жж 


/* 
ж 5НА512 ROTR(14,word) ^ 5НА512 ROTR(18,word) ^ 5НА512 ROTR(A41,word) 
*/ 
static uint32 t 51СМА1 templ1[2], 5ІСМА1 temp2[2], 
SIGMA1 temp3[2], 51СМА1 temp4[2]; 
#define SHA512 SIGMA1(word, ret) ( 
SHA512 ROTR(14, (word), 5ІСМА1 templ), 
НА512 ROTR(18, (word), 5ІСМА1 temp2), 
HA512 ROTR(41, (word), 51СМА1 temp3), 
1A512 XOR(SIGMA1 temp2, SIGMA1 temp3, SIGMA1 temp4), 
14512 XOR(SIGMA1 templ, 5ІСМА1 temp4, (ret)) ) 


v ae au 


S 
S 
S 
S 


(5НА512 ROTR( 1,word) ^ 5НА512 ROTR( 8,word) ^ SHA512 SHR( 7,word)) 
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*/ 

static uint32 t sigma0 templ1[2], sigma0 temp2[2], 
sigma0 temp3[2], sigma0 temp4[2]; 

#define SHA512 sigma0 (word, ret) ( 

5НА512 ROTR( 1, (word), sigma0 templ), 

НА512 ROTR( 8, (word), sigma0 temp2), 


S 

5НА512 SHR( 7, (word), sigma0 temp3), 
SH 

S 


"DP dit м ie ae 


НА512 XOR(sigma0 temp2, sigma0 temp3, sigma0 temp4), 
НА512 XOR(sigma0 templ, sigma0 temp4, (ret)) ) 


/* 
х (SHA512 ROTR(19,word) ^ 5НА512 ROTR(61,word) ^ SHA512 SHR( 6,word)) 
*/ 

static uint32 t sigmal templ1[2], sigmal temp2[2], 

sigmal temp3[2], sigmal temp4[2]; 
#define SHA512 sigmal(word, ret) ( 
SHA512 ROTR(19, (word), sigmal templ), 
SHA512 ROTR(61, (word), sigmal temp2), 
SHA512 SHR( 6, (word), sigmal temp3), 
SHA512 XOR(sigmal temp2, sigmal temp3, sigmal temp4), 
SHA512 XOR(sigmal templ, sigmal temp4, (ret)) ) 


M Lu T uu 


#undef SHA Ch 
#undef SHA Maj 


#ifndef USE MODIFIED MACROS 

/ж 
* These definitions are the ones used in FIPS-180-2, section 4.1.3 
хо  Ch(x,y,z) ((х & y) ^ Cx в z)) 

*/ 

static uint32 t Ch templ[2], Ch temp2[2], Ch temp3[2]; 


#define SHA Ch(x, y, z, ret) ( N 
SHA512 AND(x, y, Ch temp1), N 
SHA512 TILDA(x, Ch temp2), N 
SHA512 AND(Ch temp2, z, Ch temp3), X 
SHA512 XOR(Ch templ1, Ch temp3, (ret)) ) 
/* 
* Maj(x,y,z) (((х)8(у)) ^ ((х)6(2)) ^ (Cy) &(2))) 
х/ 

static uint32_t Maj_temp1[2], Maj_temp2[2], 
Maj_temp3[2], Maj_temp4[2]; 

#define SHA_Maj(x, у, 2, ret) ( \ 
SHA512 AND(x, y, Maj templ), N 
SHA512 AND(x, z, Maj temp2), N 
SHA512 AND(y, z, Maj temp3), N 
SHA512 XOR(Maj temp2, Maj temp3, Maj temp4), N 

( 


SHA512 XOR(Maj templ, Maj temp4, (ret)) ) 
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felse /* !USE 32BIT ONLY */ 

/* 

* These definitions are potentially faster equivalents for the ones 
* used in FIPS-180-2, section 4.1.3. 


* ((x & y) ^ (x в z)) becomes 
Ы ((х & (у ^ z)) ^ z) 
*/ 

#define SHA_Ch(x, у, 2, ret) ( \ 
(ret) [0] = (((x) [0] & ((y)[0] ^ (z)[0])) ^ (2 , \ 
(ret) [1] = (((x) (11 & ((у) [1] ^ (2) [1])) ^ (2 ) 

/* 

Ж ((х & у) ^ (x в 2) ^ (y & z)) becomes 
* ((х& (у |z) | (у & z)) 
*/ 

#define SHA_Maj(x, у, 2, ret) ( \ 
ret [0] = (((х) [0] 8 ((y) [0] | (2) І01)) | ((у) [0] & (z)[0])), \ 
ret[1] = (((x) [1] 8 ((у) [1] | (2) [11)) | ((y) [1] 8 (2) [11)) ) 


#endif /* USE MODIFIED MACROS */ 


/* 
* add "length" to the length 
А 
static uint32 t ааатетр [4] = (0, 0, 0, 0}; 
#define SHA384_512AddLength(context, length) ( 


\ 

addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), х 
(context) ->Corrupted = (((context)-»Length[3] == 0) && \ 
((context)-»Length[2] == 0) && ((context)->Length[1] == 0) && \ 


((context)-»Length[0] < 8)) ? 1: 0) 


/* Local Function Prototypes */ 
static void SHA384 512Finalize(SHA512Context *context, 

uint8 t Pad Byte); 
static void SHA384 512PadMessage(SHA512Context *context, 

uint8 t Pad Byte); 
static void SHA384 512ProcessMessageBlock(SHA512Context *context); 
static int 5НА384 512Reset(SHA512Context *context, uint32 t HO[]); 
static int SHA384 512ResultN( SHA512Context *context, 

uint8 t Message Digest[], int HashSize); 


/* Initial Hash Values: FIPS-180-2 sections 5.3.3 and 5.3.4 */ 
static uint32 t SHA384 HO[SHA512HashSize/4] = { 
OxCBBB9D5D, OxC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A, 
0x3070DD17, Ox152FECD8, OxF70E5939, 0x67332667, OxFFCO00B31, 
0х8ЕВ44А87, 0x68581511, OxDBOC2EOD, 0х64Е98ЕА7, 0x47B5481D, 
OxBEFA4FA4 


}; 
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static uint32 t SHA512 HO[SHA512HashSize/4] = { 
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0x6A09E667, OxF3BCC908, OxBB67AE85, 0x84CAA73B, Ox3C6EF372, 
OxFE94F82B, OxA5AFF53A, 0х5Е1036Е1, 0x510E527F, OxADE682D1, 
0x9B05688C, 0х2В3Е6С1Е, Ox1F83D9AB, OxFB41BD6B, Ox5BEOCD19, 


0x137E2179 
}; 


#else /* !USE 32BIT ONLY */ 


/* Define the SHA shift, rotate left and rotate right macro */ 

#define SHA512 НКЕ (різ, мога) (((uint64 t) (мога) ) >> (bits)) 

#define SHA512 ROTR(bits,word) ((((uint64 t) (мога) ) >> (bits)) | N 
(((uint64 t) (word)) «« (64-(bits)))) 


/* Define the SHA SIGMA and sigma macros */ 
#define SHA512 SIGMAO (word) N 


(SHA512 ROTR(28,word) ^ 5НА512 ROTR(34,word) ^ SHA512 ROTR(39,word)) 


#define SHA512 51СМА1 (word) N 


(SHA512 ROTR(14,word) ^ SHA512 ROTR(18,word) ^ SHA512_ROTR(41,word) ) 


#define SHA512 sigma0 (word) N 


(SHA512_ROTR( 1,word) ^ SHA512 ROTR( 8,word) ^ SHA512 SHR( 


#define 5НА512 sigmal (word) N 


(5НА512 ROTR(19,word) ^ SHA512 ROTR(61,word) ^ SHA512 SHR( 


/* 
* add "length" to the length 
x 
static uint64 t addTemp; 
#define SHA384 512AddLength(context, length) 
(addTemp = context-»Length Low, context-»Corrupted = 
((context-»Length Low += length) < addTemp) && 
(**context-»Length High == 0) ? 1 : 0) 


/* Local Function Prototypes */ 

Static void SHA384 512Finalize(SHA512Context *context, 
uint8 t Pad Byte); 

static void SHA384 512PadMessage(SHA512Context *context, 
uint8 t Pad Byte); 


7,word)) 


6,word)) 


POLO ай 


static void SHA384_512ProcessMessageBlock (SHA512Context *context); 
static int SHA384 512Reset(SHA512Context *context, uint64 t HO[]); 


static int SHA384 512ResultN(SHA512Context *context, 
uint8 t Message Digest[], int HashSize); 


/* Initial Hash Values: FIPS-180-2 sections 5.3.3 and 5.3.4 */ 


static uint64 t SHA384 HO[] = ( 


OxCBBB9D5DC1059ED811, 0x629A292A367CD50711, 0x9159015A3070DD1711, 
0x152FECD8F70E593911, 0х67332667ЕЕС00В3111, 0х8ЕВ44А876858151111, 


OxDBOC2EOD64F98FA711, 0x47B5481DBEFA4FA411 
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}; 

static uint64 t SHA512 HO[] = { 
Ox6A09E667F3BCC90811, OxBB67AE8584CAA73Bl11, 0х3С6ЕЕЗ372ЕЕ94Е82811, 
OxA54FF53A5F1D36F111, 0x510E527FADE682D111, Ox9BO5688C2B3E6C1F11, 
OxlF83D9ABFB41BD6Bl11, 0х5ВЕ0Ср19137Е217911 


}; 


#endif /* USE 32BIT ONLY */ 


М. 


+ + + + + + Хх + Хх o FF FF + 


SHA384Reset 


Description: 
This function will initialize the SHA384Context in preparation 
for computing a new SHA384 message digest. 


Parameters: 
context: [in/out] 
The context to reset. 


Returns: 
sha Error Code. 


/ 
int SHA384Reset (SHA384Context *context) 
{ 
return SHA384_512Reset (context, SHA384 H0); 
} 


SHA384Input 


Description: 
This function accepts an array of octets as the next portion 
of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_array: [in] 
An array of characters representing the next portion of 
the message. 

length: [in] 
The length of the message in message_array 


Returns: 
sha Error Code. 


+ + + + + oo хх Хх Хх Хх Хх + Хх Жж Ro Ro Ro X 
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*/ 
int SHA384Input (SHA384Context *context, 
const uint8_t *message_array, unsigned int length) 
{ 
return SHA512Input (context, message_array, length); 


} 


SHA384FinalBits 


Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0b00000### to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 


+ + xo X F + Xo +» + o Хх Хх Хх xoxo ox 


/ 
int SHA384FinalBits (SHA384Context *context, 
const uint8 t message bits, unsigned int length) 


{ 
return SHA512FinalBits (context, message bits, length); 
} 


/* 
* SHA384Result 

ж 

* Description: 

Ж This function will return the 384-bit message 

Е digest into the Message_Digest array provided by the caller. 
* NOTE: The first octet of hash is stored in the Oth element, 
* the last octet of hash in the 48th element. 

ж 

* Parameters: 

* context: [in/out] 

Ж The context to use to calculate the SHA hash. 

* Message Digest: [out] 

* Where the digest is returned. 

Y 
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* Returns: 


* sha Error Code. 
* 


*/ 
int SHA384Result (SHA384Context *context, 
uint8 t Message Digest[SHA384HashSize]) 


{ 
return SHA384 512ResultN(context, Message Digest, SHA384HashSize); 


М. 


+ + Xo + + =» Xo Ro хх OF 


SHA512Reset 


Description: 
This function will initialize the SHA512Context in preparation 
for computing a new SHA512 message digest. 


Parameters: 
context: [in/out] 
The context to reset. 


Returns: 
sha Error Code. 


/ 
int SHA512Reset (SHA512Context *context) 
{ 
return SHA384_512Reset (context, SHA512 H0); 
} 


SHA512Input 


Description: 
This function accepts an array of octets as the next portion 
of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message_array: [in] 
An array of characters representing the next portion of 
the message. 

length: [in] 
The length of the message in message_array 


Returns: 
sha Error Code. 


+ + + + + oo + + Хх Хх Хх Хх Хх Хх Ro ж 
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ж 
x 
int SHA512Input (SHA512Context *context 
const uint8_t *message_array, 
unsigned int length) 
if (!length) 
return shaSuccess; 


if (!context | | 'message_array) 
return shaNull; 


if { 


shaStateError 


(context-»Computed) 
context-»Corrupted 
return shaStateError; 


} 
if (context-»Corrupted) 
return context-—>Corrupted; 


while (length-- && 

context-»Message Block[context-»Me 
(*message array & OxFF); 

if (!SHA384 512AddLength(context, 

(context-»Message Block Index 


SHAs and HMAC-SHAs 


!context-»Corrupted) 


July 2006 


, 


, 


{ 
ssage_Block_Index++] 


8) && 
SHA512 Message Block Size)) 


SHA384 512ProcessMessageBlock (context); 


message аггау++; 


} 


return shaSuccess; 


SHA512FinalBits 


Description: 


Parameters: 

context: [in/out] 
The SHA context to update 

message_bits: [in] 
The final bits of the message, 
byte. (Use Ob###00000 instead o 
three bits ###.) 

length: [in] 


+ + + + ok Хх 0 Хх OR F F ж 
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This function will add in any final bits of the message. 


in the upper portion of the 
f 0000000444 to input the 
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The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 


+ + F xo xo ж 


/ 
int SHA512FinalBits (SHA512Context *context, 
const uint8_t message_bits, unsigned int length) 
{ 
uint8_t masks[8] = { 
/* 0 0500000000 */ 0x00, /* 
/* 2 0611000000 */ Oxco, /* 
/* 4 0611110000 */ OxFO, /* 
/* 6 0511111100 */ OxFC, /* 


0010000000 */ 0x80, 
0011100000 */ OxEO, 
0011111000 */ OxF8, 
0011111110 */ OxFE 


ао H 


}; 

uint8_t markbit[8] = { 
/* 0 0510000000 */ 0х80, /* 
/* 2 0500100000 */ 0x20, /* 
/* 4 0500001000 */ 0x08, /* 
/* 6 0500000010 */ 0x02, /* 


0501000000 */ 0x40, 
0500010000 */ 0x10, 
0000000100 */ 0x04, 
0000000001 */ 0x01 


ао 


}; 


if (!length) 
return shaSuccess; 


if (!context) 
return shaNull; 


if ((context-»Computed) || (length >= 8) || (length == 0)) { 
context-»Corrupted = shaStateError; 
return shaStateError; 


} 


if (context-»Corrupted) 
return context-»Corruptegd; 


SHA384 512AddLength(context, length); 
SHA384 512Finalize(context, (uint8 t) 
((message bits & masks[length]) | markbit[length])); 


return shaSuccess; 


SHA384 512Finalize 


Description: 
This helper function finishes off the digest calculations. 


+ ж хх ж 
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* 

* Parameters: 

* context: [in/out] 

i The SHA context to update 

Li Pad Byte: [in] 

* The last byte to add to the digest before the 0-padding 
* and length. This will contain the last bits of the message 
* followed by another single bit. If the message was an 

* exact multiple of 8-bits long, Pad Byte will be 0x80. 

* 

* Returns: 

* sha Error Code. 

ж 

*/ 


static void SHA384_512Finalize(SHA512Context *context, 
uint8_t Pad_Byte) 
{ 
int_least16_t i; 
SHA384_512PadMessage (context, Pad Byte); 
/* message may be sensitive, clear it out */ 
for (1 = 0; 1 < SHA512 Message Block Size; ++i) 


context-»Message Block[i] = 0; 
#ifdef USE_32BIT_ONLY /* and clear length */ 
context-»Length[0] = context-»Length[1] = 0; 
context-»Length[2] = context-»Length[3] = 0; 


#else /* !USE 32BIT ONLY */ 
context-»Length Low = 0; 
context-»Length High = 0; 

#endif /* USE 32BIT ONLY */ 


context-»Computed = 1; 
} 
/* 
* SHA512Result 
ж 
* Description: 
* This function will return the 512-bit message 
* digest into the Message_Digest array provided by the caller. 
* NOTE: The first octet of hash is stored in the Oth element, 
* the last octet of hash in the 64th element. 
ж 
* Parameters: 
* context: [in/out] 
* The context to use to calculate the SHA hash. 
* Message_Digest: [out] 
* Where the digest is returned. 
* 
* 


Returns: 
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Ж sha Error Code. 
ж 


*/ 
int SHA512Result (SHA512Context *context, 
uint8 t Message Digest[SHA512HashSize]) 
{ 
return SHA384 512ResultN(context, Message Digest, SHA512HashSize); 
} 


SHA384_512PadMessage 


Description: 
According to the standard, the message must be padded to an 
even 1024 bits. The first padding bit must be a 71”. The 
last 128 bits represent the length of the original message. 
All bits in between should be 0. This helper function will 
pad the message according to those rules by filling the 
Message Block array accordingly. When it returns, it can be 
assumed that the message digest has been computed. 


Parameters: 

context: [in/out] 
The context to pad 

Pad Byte: [in] 
The last byte to add to the digest before the 0-padding 
and length. This will contain the last bits of the message 
followed by another single bit. If the message was an 
exact multiple of 8-bits long, Pad Byte will be 0x80. 


Returns: 
Nothing. 


+ + + Жж + + Хх Хх Хх Хх Хх Хх Хх Хх Хх Хх 0X O0 OR OR OR Ro X 


ж 


*/ 
static void SHA384 512PadMessage(SHA512Context *context, 
uint8_t Pad_Byte) 
{ 
/* 
* Check to see if the current message block is too small to hold 
* the initial padding bits and length. If so, we will pad the 
* block, process it, and then continue padding into a second 
* block. 
*/ 
if (context-»Message Block Index >= (SHA512 Message Block 51те-16)) { 
context-»Message Block[context-»Message Block Іпаех++] = Pad Byte; 
while (context-»Message Block Index < SHA512 Message Block Size) 
context-»Message Block[context-»Message Block Іпаех++] = 0; 
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SHA384 512ProcessMessageBlock (context); 


) else 


context-»Message Block[context-»Message Block Іпаех++] = Pad Byte; 


while (context-»Message Block Index < (S EE 
context-»Message Block[context-»Message Block Іпаех++] = 0; 


/* 


HA512_Message_Block_Size-16) ) 


* Store the message length as the last 16 octets 


kf 


#ifdef USE 32BIT ONLY 


context-»Message Block[112] 
context-»Message Block[113] 
context-»Message Block[114] 
context-»Message Block[115] 
context-»Message Block[116] 
context-»Message Block[117] 
context-»Message Block[118] 
context-»Message Block[119] 


context-»Message Block[120] 
context-»Message Block[121] 
context-»Message Block[122] 
context-»Message Block[123] 
context-»Message Block[124] 
context-»Message Block[125] 
context-»Message Block[126] 
context-»Message Block[127] 


delse /* !USE 32BIT ONLY */ 


context-»Message Block[112] 
context-»Message Block[113] 
context-»Message Block[114] 
context-»Message Block[115] 
context-»Message Block[116] 
context-»Message Block[117] 
context-»Message Block[118] 
context-»Message Block[119] 


context-»Message Block[120] 
context-»Message Block[121] 
context—>Message_Block [122] 
context—>Message_Block [123] 
context—>Message_Block [124] 
context—>Message_Block [125] 
context—>Message_Block [126] 
context—>Message_Block [127] 


#endif /* USE 32BIT ONLY */ 
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uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 


( 
( 
( 
( 
( 
( 
( 
(uint8 t 


) 
) 
) 
) 
) 
) 
) 
) 


——————— 
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uint8 t 
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( 
( 
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uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
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( 
( 
( 
( 
( 
( 
( 
(uint8 t 


) 
) 
) 
) 
) 
) 
) 
) 


———————— 


uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 
uint8 t 


( 
( 
( 
( 
( 
( 
( 
(uint8 t 


) 
) 
) 
) 
) 
) 
) 
) 


——————— 
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context-»Length[0] >> 2 
context-»Length[0] >> 1 
context-»Length[0] >> 8 
context-»Length[0]); 

context-»Length[1] >> 2 
context-»Length[1] >> 1 
context-»Length[1] >> 8 
context-»Length[1]); 


context-»Length[2] >> 2 
context-»Length[2] >> 1 
context-»Length[2] >> 8 
context-»Length[2]); 

context-»Length[3] >> 2 
context-»Length[3] >> 1 
context-»Length[3] >> 8 
context-»Length[3]); 


context-»Length High >> 56) 

context-»Length High >> 48) 

context-»Length High >> 40); 
context-»Length High >> 32) 

context-»Length High >> 24) 

context-»Length High >> 16) 

context-»Length High >> 8); 

context-»Length High); 


context-»Length Low >> 56) 

context-»Length Low >> 48) 

context-»Length Low >> 40); 
context-»Length Low >> 32) 

context-»Length Low >> 24) 

context-»Length Low >> 16) 

context-»Length Low >> 8); 

context-»Length Low); 
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SHA384 512ProcessMessageBlock (context); 
} 


SHA384_512ProcessMessageBlock 


Description: 
This helper function will process the next 1024 bits of the 
message stored in the Message_Block array. 


Parameters: 
context: [in/out] 
The SHA context to update 


Returns: 
Nothing. 


Comments: 
Many of the variable names in this code, especially the 
single character names, were used because those were the 
names used in the publication. 


+ + + X 0X + + + + Xo F + + + + + + 


ж 


*/ 
static void SHA384 512ProcessMessageBlock(SHA512Context *context) 
{ 
/* Constants defined in FIPS-180-2, section 4.2.3 */ 
#ifdef USE_32BIT_ONLY 
static const uint32_t K[80*2] = { 
0x428A2F98, 0xD728AE22, 0х71374491, Ox23EF65CD, 0хВ5СОЕВСЕ, 
OxECA4D3B2F, OxE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538, 
0х59Е111Е1, OxB605D019, 0х923Е82А4, OxAF194F9B, OxABICBEDS5, 
OxDA6D8118, OxD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE, 
0x243185BE, 0х4ЕЕ4В28С, 0x550C7DC3, 0хр5ЕЕВ4Е2, Ox72BE5D74, 
OxF27B896F, Ox80DEBIFE, 0x3B1696B1, Ox9BDCO6A7, 0x25C71235, 
OxC19BF174, OxCF692694, 0хЕ49В69С1, Ox9EF14AD2, OxEFBE4786, 
0x384F25E3, OxOFC19DC6, Ox8B8CD5B5, 0х240СА1СС, 0х77АС9С65, 
Ox2DE92C6F, 0х592В0275, 0x4A7484AA, 0х6ЕА6Е483, 0х5СВОА9ГС, 
OxBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, OxEE66DFAB, 
0xA831C66D, 0x2DB43210, 0xB00327C8, 0х98ЕВ213Е, 0хВЕ597ЕС7, 
OxBEEFOEE4, 0хС6Е00ВЕЗ, Ox3DA88FC2, 0xD5A79147, 0x930AA725, 
0x06CA6351, 0хЕ003826Е, 0x14292967, 0х0А0Е6Е70, 0x27B70A85, 
0x46D22FFC, 0х2Е1В2138, 0x5C26C926, Ox4D2C6DFC, Ox5AC42AED, 
0x53380D13, 0х9р95В3ГЕ, 0x650A7354, Ox8BAF63DE, 0х766АОАВВ, 
0x3C77B2A8, 0х81С2С92Е, Ox47EDAEE6, 0х92722С85, 0x1482353B, 
OxA2BFE8A1, 0х4СЕ10364, 0хА81А664В, 0хВС423001, 0xC24B8B70, 
0хр0Е89791, 0xC76C51A3, 0х0654ВЕ30, 0х0192Е819, OxD6EF5218, 
0xD6990624, 0x5565A910, OxF40E3585, 0x5771202A, 0x106AA070, 
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Ox32BBD1B8, 0x19A4C116, OxB8D2D0C8, Ox1E376C08, 0x5141AB53, 
0х2748774С, OxDF8EEB99, Ox34BOBCB5, 0хЕ19В48А8, 0x391COCB3, 
0xC5C95A63, Ox4ED8AA4A, OxE3418ACB, 0х5ВОССАЯЕ, 0х7763Е373, 
0x682E6FF3, OxD6B2B8A3, 0х748Е82ЕЕ, OxSDEFB2FC, 0x78A5636F, 
0х43172Е60, 0x84C87814, OxA1F0AB72, 0x8CC70208, 0х1А6439ЕС, 
Ox90BEFFFA, 0х23631Е28, 0хА4506СЕВ, OxDE82BDE9, ОхВЕҒОАЗЕТ7, 
0xB2C67915, 0xC67178F2, 0xE372532B, 0хСА273ЕСЕ, 0хЕА26619С, 
OxD186B8C7, 0x21C0C207, OxEADA7DD6, OxCDEOEBIE, OxF57D4F7F, 
OxEE6ED178, 0х06Ғ067АА, 0х72176ЕВА, 0x0A637DC5, OxA2C898A6, 
0x113F9804, OxBEF90DAE, 0х1В710В35, 0х131С471В, 0x28DB77F5, 
0x23047D84, 0х32СААВ7В, 0x40C72493, 0х3С9ЕВЕОА, 0х15СЭВЕВС, 
0х431067С4, 0x9C100DA4C, 0х4СС504ВЕ, OxCB3E42B6, 0x597F299C, 
OxFC657E2A, Ox5FCB6FAB, Ox3AD6FAEC, 0x6C44198C, 0х4А475817 


}; 


int t, t2, t8; /* Loop counter */ 

uint32 t templ[2], temp2[2], /* Temporary word values */ 
temp3[2], temp4[2], temp5[2]; 

uint32 t W[2*80]; /* Word sequence */ 


uint32 t A[2], B[2], C[2], D[2], /* Word buffers */ 
E[2], F[2], G[2], H[2]; 


/* Initialize the first 16 words in the array W */ 
for (t = t2 t8 = 0; t < 16; t++, t8 += 8) { 


W[t2++] = ((((uint32 t)context-»Message Block[t8 1)) << 24) | 
((((uint32 t)context-»Message Block[t8 + 1])) << 16) | 
((((uint32 t)context-»Message Block[t8 + 21)) << 8) | 
((C(uint32 t)context-»Message Block[t8 + 3]))); 

W[t2++] = ((((uint32 t)context-»Message Block[t8 + 4])) << 24) 
((((uint32 t)context-»Message Block[t8 + 5])) << 16) 
((((uint32_t)context-—>Message_Block[t8 + 6])) << 8) | 
((C(uint32 t)context-»Message Block[t8 + 7]))); 


} 


for (t = 16; t < 80; tt++, t2 += 2) { 
/* W[t] = SHA512 sigmal(W[t-2]) + W[t-7] + 
SHA512 sigma0 (W[t-15]) + W[t-16]; */ 
uint32 t *Wt2 = &W[t2-2*2]; 
uint32 t *Wt7 = &W[t2-7*2]; 
uint32 t *Wt15 = &W[t2-15*2]; 
uint32 t *Wt16 = &W[t2-16*2]; 
SHA512 sigmal(Wt2, templ); 
SHA512 ADD(templ, Wt7, temp2); 
SHA512 sigma0 (Wt15, templ); 
5НА512 ADD(templ, Wtl16, temp3); 
SHA512 ADD(temp2, temp3, &W[t2]); 
} 


A[0] = context-»Intermediate Hash[0]; 
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A[1] = 
B[0] = 
B[1] = 
С[0] = 
С111 = 
D[0] = 
р[1] = 
Е[0] = 
Е[1] = 
Е[0] = 
Е[1] = 
G[0] = 
G[1] = 
H[0] = 
Н[1] = 


х templ = H + 5НА512 51СМА1(Е) 


SHAs апа HMAC-SHAs 


context-»Intermediate I 
context-»Intermediate I 


context-»Intermediate . 
context-»Intermediate . 


context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 


context-»Intermediate . 


context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 


context-»Intermediate . 


= t2 = 0; t < 80; tet, 


SHA512_SIGMA1 (E, temp1) ; 
SHA512 ADD(H, templ, temp2) 
SHA Ch (E,F,G,temp3); 

SHA512 ADD(temp2, temp3, temp4); 


, 


lash[1]; 


ash[2]; 
ash[3]; 
ash[4]; 
ash[5]; 
ash[6]; 


ilash[7]; 
lash[8]; 
lash[9]; 


ash[10]; 
ash[11]; 


lash [12]; 
1lash [13]; 
lash[14]; 


ash[15]; 


t2 += 2) 


SHA512_ADD(&K[t2], &W[t2], temp5); 
SHA512 ADD(temp4, temp5, templ); 
/* 


* temp2 = SHA512_SIGMAO (A) 


*/ 


5НА512 SIGMAO (A, temp3) ; 
SHA Maj (A, B, C, temp4) ; 
SHA512 ADD(temp3, temp4, temp2); 


H[0] 
G[0] 
F[0] 


= G[0]; H[1] = GI1]; 
ЕІ01; G[1] F[1]; 
= E[0]; Е[1] = Е[1]; 


SHA512 ADD(D, templ, Е); 


D[0] 
C[0] 
B[0] 


SHA512 ADD(templ1, temp2, А); 


} 


SHA512 ADDTO2 
SHA512 ADDTO2 
SHA512 АРРТО2 
SHA512 ADDTO2 
SHA512 ADDTO2 
SHA512 ADDTO2 


Eastlake 


= C[0]; D[1] = CI1]; 
ВІ01; C[1] B[1]; 
= A[0]; В[1] = А[1]; 


————— 


3rd & Hansen 


, 


{ 


+ SHA Maj (A,B,C); 


&context-»Intermediate Hash[0], 
&context-»Intermediate Hash[2], 
&context-»Intermediate Hash[4], 
&context-»Intermediate Hash[6], 
&context-»Intermediate Hash[8], 
&context-»Intermediate Hash[10], 


Informational 


+ SHA Ch(E,F,G) 


* K[t] 


July 2006 


* W[t]; 
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SHA512 ADDTO2(&context-»Intermediate Hash[12], G); 
SHA512 ADDTO2(&context-»Intermediate Hash[14], Н); 


#else /* !USE 32BIT ONLY */ 
static const uint64 t K[80] = ( 

0x428A2F98D728AE2211, 0x7137449123EF65CD11, ОхВ5СОЕВСЕЕСАрЗВ2Ғ11, 
OxE9B5DBA58189DBBC11, 0x3956C25BF348B53811, 0x59F111F1B605D01911, 
0х923Е82А4АЕ194Е9В11, OxABIC5ED5DA6D811811, 0xD807AA98A303024211, 
0х12835В0145706ЕВЕ11, 0х243185ВЕ4ЕЕ4В28С11, 0x550C7DC3D5FFB4E211, 
Ox72BE5D74F27B896F11, Ox80DEBIFE3B1696B111, 0x9BDC06A725C7123511, 
0хС19ВЕ174СЕ69269411, 0хЕ49В69С19ЕҒІЛАр211, OxEFBE4786384F25E311, 
OxOFC19DC68B8CD5B511, 0х240СА1СС77АС9С6511, Ox2DE92C6F592B027511, 
0х4А7484АА6ЕА6Е48311, 0х5СВОА9рСВГ41ЕВГ411, 0x76F988DA831153B511, 
0х983Е5152ЕЕ66ГЕАВ11, 0xA831C66D2DB4321011, 0хВО0327С898ЕВ213Е11, 
0хВЕ5Б97ЕС7ВЕЕЕОЕЕ411, 0хС6ЕО00ВЕЗЗГА88ЕС211, 0xD5A79147930AA72511, 
0х06СА6351Е003826Е11, 0x142929670A0E6E7011, 0х27В70А8546022ҒЕС11, 
0х2Е1В21385С26С92611, Ox4D2C6DFC5AC42AED11, 0x53380D139D95B3DFll, 
0х650А73548ВАЕ63ПЕ11, 0x766A0ABB3C77B2A811, 0х81С2С92Е47ЕПАЕЕ611, 
0x92722C851482353Bll, OxA2BFE8A14CF1036411, OxA81A664BBC42300111, 
OxC24B8B70D0F8979111, 0xC76C51A30654BE3011, OxD192E819D6EF521811, 
0xD69906245565A91011, 0хЕ40Е35855771202А11, 0x106AA07032BBD1B811, 
0х19А4С116В8р2р0С811, Ox1E376C085141AB5311, 0x2748774CDF8EEB9911, 
Ox34BOBCB5E19BA48A811, 0x391COCB3C5C95A6311, Ox4ED8AAA4AE3418ACBl11, 
0х589ССА4Е7763Е37311, 0x682E6FF3D6B2B8A311, Ox748F82EE5DEFB2FC11, 
0x78A5636F43172F6011, 0x84C87814A1F0AB7211, 0х8СС702081А6439ЕС11, 
Ox90BEFFFA23631E2811, 0хА4506СЕВрЕ82ВрЕ911, OxBEF9A3F7B2C6791511, 
0хС67178Е2Е372532811, 0хСА273ЕСЕЕА26619С11, OxD186B8C721C0C20711, 
OxEADA7DD6CDEOEBIEl11, OxF57D4F7FEE6ED17811, 0х06Е067АА72176ЕВА11, 
0x0A637DC5A2C898A611, 0х113Е9804ВЕЕ90ГАЕ11, 0х1В710В35131С471В11, 
0x28DB77F523047D8411, 0х32СААВ7В40С7249311, 0х3С9ЕВЕОА15С9ВЕВС11, 
0x431D67C49C100D4C11, Ox4CC5D4BECB3E42B611, 0х597Е299СЕС657Е2А11, 
0х5ЕСВ6ЕАВЗАПбЕАЕС11, 0х6С44198С4А47581711 


}; 


int t, t8; /* Loop counter */ 
uint64 t templ, temp2; /* Temporary word value */ 
uint64 t W[80]; /* Word sequence */ 


uint64 t A, B, C, D, E, F, G, H; /* Word buffers */ 


/* 
* Initialize the first 16 words in the array W 
А] 
for (t = t8 = 0; t < 16; ©++, t8 += 8) 
W[t] = ((uint64 t) (context->Message_Block[t8 1) << 56) | 
((uint64_t) (context->Message_Block[t8 + 11) << 48) | 
((uint64 t) (context-»Message Block[t8 + 21) << 40) | 
((uint64 t) (context-»Message Block[t8 + 31) << 32) 
((uint64 t) (context-»Message Block[t8 + 41) << 24) 
((uint64 t) (context-»Message Block[t8 + 5]) << 16) | 
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<< 8) | 


((uint64 t) (context->Message_Block[t8 + 7])); 


for (t = 
W[t] 


16; t < 80; ttt) 


щщ оош ОО ОО 


for (t = 0; 
templ 
temp2 

G; 


с < 80; +++) { 


SHA512 SIGMAO (А) 


pDUQUE'"osdqm 


templ + temp2; 
} 


context-»Intermediate . 
context-»Intermediate . 
context-»Intermediate I 
context-»Intermediate . 
context-»Intermediate . 
context-»Intermediate . 
context-»Intermediate I 
context-»Intermediate Н 
#endif /* USE 32BIT ONLY */ 


context-»Message Block Index 


} 


SHA384_512Reset 


Description: 


+ + ххх ж 
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context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 
context-»Intermediate I 


= SHA512 sigmal(W[t-2]) 
5НА512 sigma0 (W[t-15]) 


context-»Intermediate I 


= H + SHA512 SIGMA (Е) 


ash[0] 
ash[1] 
ash[2] 
ash [3] 
ash[4] 
ash[5] 
ash[6] 
lash[7] 


* W[t-7] 
* W[t-16]; 


+ 


lash [0]; 
lash[1]; 
lash [2]; 
lash [3]; 
lash[4]; 
lash[5]; 
lash[6]; 
lash[7]; 


+ SHA Ch(E,F,G) + K[t] 


+ SHA Maj (A,B,C); 


* W[t]; 


4... Ne Ne 


mom "n rpmuUoOtUuw» 


<. 


This helper function will initialize the SHA512Context in 
preparation for computing a new SHA384 or SHA512 message 
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* digest. 

* 

* Parameters: 

* context: [in/out] 

х The context to reset. 
x HO 

ж Тһе initial hash value to use. 
ж 

* Returns: 

* sha Error Code. 

ж 

*/ 


#ifdef USE_32BIT_ONLY 
static int 5НА384 512Reset(SHA512Context *context, uint32 t НО(1) 
+е1зе /* !USE 32BIT ONLY */ 
static int SHA384 512Reset(SHA512Context *context, uint64 t HO[]) 
#endif /* USE 32BIT ONLY */ 
{ 

int ij 

if (!context) 

return shaNull; 


context-»Message Block Index = 0; 
#ifdef USE 32BIT ONLY 


context-»Length[0] = context-»Length[1] = 
context-»Length[2] = context-»Length[3] 


о 
<. 


| 
e 
<. 


for (i = 0; i < SHA512HashSize/4; i++) 
context-»Intermediate Hash[i] = HO[i]; 
#else /* !USE_32BIT_ONLY */ 
context-»Length High = context-»Length Low = 0; 


for (i = 0; i < SHA512HashSize/8; i++) 
context-»Intermediate Hash[i] = HO[il; 
#endif /* USE 32BIT ONLY */ 


context-»Computed = 0; 
context-»Corrupted = 0; 


return shaSuccess; 


SHA384 512ResultN 


Description: 
This helper function will return the 384-bit or 512-bit message 


+ ж хх ж 
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Ж digest into the Message_Digest array provided by the caller. 
* NOTE: The first octet of hash is stored in the Oth element, 
* the last octet of hash in the 48th/64th element. 

* 

* Parameters: 

* context: [in/out] 

* The context to use to calculate the SHA hash. 

* Message_Digest: [out] 

* Where the digest is returned. 

Ж HashSize: [in] 

* The size of the hash, either 48 or 64. 

ж 

* Returns: 

* sha Error Code. 

ж 

*/ 


static int SHA384 512ResultN(SHA512Context *context, 
uint8_t Message_Digest[], int HashSize) 
{ 


int i; 


#ifdef USE 32BIT ONLY 
int i2; 
#endif /* USE 32BIT ONLY */ 


if (!context | | !Message Digest) 
return shaNull; 


if (context-»Corrupted) 
return context-—>Corrupted; 


if (!context-»Computed) 
SHA384 512Finalize(context, 0x80); 


#ifdef USE 32BIT. ONLY 
for (i = i2 = 0; i « HashSize; ) { 

Message Digest[i--*]-(uint8 t) (context-»Intermediate Hash[i2]»»24); 
Message Digest[i--*]-(uint8 t) (context—>Intermediate_Hash[i2]>>16) 
Message Digest[i--*]-(uint8 t) (context-»Intermediate Hash[i2]»»58); 
Message Digest[i-*]-(uint8 t) (context-»Intermediate Назѕһ [і2++]); 
Message Digest[i--*]-(uint8 t) (context-»Intermediate Hash[i2]»»24); 

( ) 
( 
( 


, 


, 


Message Digest[i--*]-(uint8 t) (context-»Intermediate Hash[i2]»»16 
context-»Intermediate Hash[i2]»»8); 
context-—>Intermediate_Hash[i2++]); 


Message Digest[i-*]-(uint8 t 
Message Digest[i-*]-(uint8 t 


) 
) 
) 
) 
) 
) 
) 
) 


——————— 


} 
#else /* !USE_32BIT_ONLY */ 
for (i = 0; i < HashSize; ++i) 
Message_Digest[i] = (uint8_t) 
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(context-»Intermediate Hash[i»»53] >> 8 * (7- (i$ 8) )); 
fendif /* USE 32BIT ONLY */ 


return shaSuccess; 


} 


8.2.4.  usha.c 


ХХХ ХХ ХЖХХЖЖХХЖХХЖЖХЖА kk хххххххххххкхххххххкхххкхххккхх 
usha.c / 
[KKK KK KKK KKK KKK KKK KKK See RFC 4634 for details KOK KKK KK OK ke ke e / 

/* 

* Description: 

Ж This file implements а unified interface to the SHA algorithms. 


*/ 
#include "sha.h" 


/ 
USHAReset 


Description: 
This function will initialize the SHA Context in preparation 
for computing a new SHA message digest. 


Parameters: 
context: [in/out] 
The context to reset. 
whichSha: [in] 
Selects which SHA reset to call 


Returns: 
sha Error Code. 


хх хх + + + Xo X + + + + + 


ж 


a7, 
int USHAReset (USHAContext *ctx, enum SHAversion whichSha) 
{ 
if (ctx) { 
ctx-»whichSha = whichSha; 
switch (whichSha) { 
case 5НА1: return SHAlReset((SHAlContext*)&ctx-»ctx); 
case SHA224: return SHA224Reset((SHA224Context*)&ctx-»ctx); 
case SHA256: return SHA256Reset((SHA256Context*)&ctx-»ctx); 
case SHA384: return SHA384Reset((SHA384Context*)&ctx-»ctx) 
(( ) ) 


, 


, 


case SHA512: return SHA512Reset((SHA512Context*)&ctx-»ctx 
default: return shaBadParam; 


} 
} else { 
return shaNull; 
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USHAInput 


Description: 
This function accepts an array of octets as the next portion 
of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message array: [in] 
An array of characters representing the next portion of 
the message. 

length: [in] 
The length of the message in message array 


Returns: 
sha Error Code. 


+ + + + oko oko Хх Хх Хх Хх Хх Хх Хх Хх OR F OR Ro Ro X 


/ 
int USHAInput (USHAContext *ctx, 
const uint8 t *bytes, unsigned int bytecount) 
{ 
if (ctx) { 
switch (ctx->whichSha) { 
case 5НА1: 
return SHAlInput((SHAlContext*)&ctx-»ctx, bytes, bytecount) ; 
case SHA224: 
return SHA224Input((SHA224Context*)&ctx-»ctx, bytes, 
bytecount); 
case SHA256: 
return SHA256Input((SHA256Context*)&ctx-»ctx, bytes, 
bytecount); 
case SHA384: 
return SHA384Input((SHA384Context*)&ctx-»ctx, bytes, 
bytecount); 
case SHA512: 
return SHA512Input((SHA512Context*)&ctx-»ctx, bytes, 
bytecount); 
default: return shaBadParam; 
} 
} else { 
return shaNull; 


} 
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USHAFinalBits 


Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The SHA context to update 

message bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0500000444 to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 


+ + + + + oo oo Хх + Хх o Хх Хх Хх Хх ox 


/ 
int USHAFinalBits (USHAContext *ctx, 
const uint8 t bits, unsigned int bitcount) 
{ 
if (ctx) { 
switch (ctx->whichSha) { 
case 5НА1: 
return SHAlFinalBits((SHAlContext*)&ctx-»ctx, bits, bitcount); 
case SHA224: 
return SHA224FinalBits((SHA224Context*)&ctx-»ctx, bits, 
bitcount); 
case SHA256: 
return SHA256FinalBits((S 
bitcount); 
case SHA384: 
return SHA384FinalBits((S 
bitcount); 
case SHA512: 
return SHA512FinalBits((SHA512Context*)&ctx-»ctx, bits, 
bitcount); 
default: return shaBadParam; 
} 
} else { 
return shaNull; 


lA256Context*)&ctx-»ctx, bits, 


A384Context*)&ctx-»ctx, bits, 


} 
} 


/* 


* USHAResult 
ж 
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* Description: 

Е This function will return the 160-bit message digest into the 
* Message_Digest array provided by the caller. 

Ж NOTE: Тһе first octet of hash is stored іп the Oth element, 
* the last octet of hash in the 19th element. 

ж 

* Parameters: 

* context: [in/out] 

* The context to use to calculate the SHA-1 hash. 

* Message_Digest: [out] 

* Where the digest is returned. 

* 

* Returns: 

* sha Error Code. 

* 

*/ 


int USHAResult (USHAContext *сїх, 
uint8 t Message Digest[USHAMaxHashSize]) 
{ 
if (ctx) { 
switch (ctx->whichSha) { 
case 5НА1: 
return SHAlResult((SHAlContext*)&ctx-»ctx, Message Digest); 
case SHA224: 
return SHA224Result ( (SHA224Context*) &ctx->ctx, Message Digest); 
case SHA256: 
return SHA256Result ( (SHA256Context*) &ctx->ctx, Message Digest); 
case SHA384: 
return SHA384Result ( (SHA384Context*) &ctx->ctx, Message Digest); 
case SHA512: 
return SHA512Result ((SHA512Context*) &ctx->ctx, Message Digest); 
default: return shaBadParam; 
} 
} else { 
return shaNull; 


} 


USHABlockSize 


Description: 
This function will return the blocksize for the given SHA 
algorithm. 


Parameters: 
whichSha: 
which SHA algorithm to query 


+ + + + + Хх Xo ж 
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Returns: 
block size 


* ж + ox ж 


/ 


SHAs and HMAC-SHAs 


int USHABlockSize(enum SHAversion whichSha) 


( 


switch (whichSha) { 


case 5НА1: 


case SHA224: 
case SHA256: 
case SHA384: 


default: 


case SHA512: 


USHAHashSize 

Description: 
algorithm. 

Parameters: 


whichSha: 


Returns: 
hash size 


+ + X 0X Xo + Xo Xo Xo F FF FF ++ + 


/ 


return 
return 
return 
return 


return 


This function will 


SHA1_Message_Block_Size; 

SHA224_Message_Block_Size; 
SHA256_Message_Block_Size; 
SHA384_Message_Block_Size; 


SHA512_Message_Block_Size; 


return the hashsize for the given SHA 


which SHA algorithm to query 


int USHAHashSize(enum SHAversion whichSha) 


{ 


switch (whichSha) { 


case 5НА1: 


case SHA224: 
case SHA256: 
case SHA384: 


default: 


case SHA512: 


} 
/* 


return 
return 
return 
return 


return 


* USHAHashSizeBits 


ж 


* Description: 


Eastlake 3rd & Hansen 


SHA1HashSize; 

SHA224HashSize; 
SHA256HashSize; 
SHA384HashSize; 


SHA512HashSize; 
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Ж This function will return the hashsize for the given SHA 
X algorithm, expressed in bits. 
ж 

* Parameters: 

* whichSha: 

я which SHA algorithm to query 
ж 

* Returns: 

* hash size in bits 

ж 

*/ 


int USHAHashSizeBits (enum SHAversion whichSha) 
{ 
switch (whichSha) { 

case 5НА1: return SHAlHashSizeBits; 
case SHA224: return SHA224HashSizeBits; 
case SHA256: return SHA256HashSizeBits; 
case SHA384: return SHA384HashSizeBits; 
default: 
case SHA512: return SHA512HashSizeBits; 


} 
8.2.5. sha-private.h 


[KKK KKK KK KKK KKK KKK KKK KK KK KKK sha-private.h KOK KK ck kck ck kck ck ЖКК Ж / 
[KKK KKK KK KKK KKK KKK ke ke e KK See RFC 4634 for details KOK KK KK KK KK ke ke KK kx x / 
#ifndef 5НА PRIVATE__H 
#define 5НА PRIVATE__H 
/* 
These definitions are defined in FIPS-180-2, section 4.1. 
Ch() and Maj() are defined identically in sections 4.1.1, 
* VW .L1.2 and 4.1.3. 


ж x 


The definitions used in FIPS-180-2 are as follows: 


*/ 

#ifndef USE_MODIFIED_MACROS 

#define 5НА Ch(x,y,z) (((х) в (у)) ^ (C (x)) в (z))) 

#define SHA Maj(x,y,z) (((х) в (y)) ^ ((x) & (z)) ^ (Cy) & (z))) 


#else /* USE MODIFIED MACROS */ 
/* 
* The following definitions are equivalent and potentially faster. 


Ж/ 


#define SHA_Ch(x, y, 2) (( (x) 
#define SHA_Maj(x, у, 7) (( (x) 
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#endif /* USE MODIFIED MACROS */ 
#define SHA Parity(x, y, 7) ((x) ^ (y) ^ (z)) 
#endif /*  SHA PRIVATE Н */ 


8.3 The HMAC Code 


[RK KKKK KKK KK KKK KKK KK KK KK ke ke Ж К К hmac.c KOR KKK kck ck кк KK KK KK KKK / 
[KKK KK KKK KKK KKK KKK KKK See RFC 4634 for details KOK KKK KK / 
/* 


* Description: 


* This file implements the HMAC algorithm (Keyed-Hashing for 
* Message Authentication, RFC2104), expressed in terms of the 
Ж various SHA algorithms. 

*/ 


#include "sha.h" 


/ 


hmac 


Description: 
This function will compute an HMAC message digest. 


Parameters: 

whichSha: [in] 

One of SHA1, SHA224, SHA256, SHA384, SHA512 
key: [in] 

The secret shared key. 
key len: [in] 

The length of the secret shared key. 
message array: [in] 

An array of characters representing the message. 
length: [in] 

The length of the message in message array 
digest: [out] 

Where the digest is returned. 

NOTE: The length of the digest is determined by 

the value of whichSha. 


Returns: 
sha Error Code. 


+ + + ЖЖ ХХ oo Хх Хх Хх Хх Хх Хх Хх Хх Хх OR ЖЖЖ үс сүр Xo Xo X 


/ 

int hmac(SHAversion whichSha, const unsigned char *text, int text_len, 
const unsigned char *key, int key_len, 

uint8 t digest [USHAMaxHashSize] ) 
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HMACContext ctx; 

return hmacReset(&ctx, whichSha, key, key len) || 
hmacInput(&ctx, text, text len) 
hmacResult(&ctx, digest); 


/* 
* hmacReset 

* 

* Description: 

Ж This function will initialize the hmacContext іп preparation 
* for computing а new HMAC message digest. 

ж 

* Parameters: 

Е context: [in/out] 

* The context to reset. 

* whichSha: [in] 

X One of SHA1, SHA224, SHA256, SHA384, SHA512 
* key: [in] 

Ы The secret shared key. 

* key_len: [in] 

Ж The length of the secret shared key. 

ж 

* Returns: 

* sha Error Code. 

* 

*/ 


int hmacReset (HMACContext *ctx, enum SHAversion whichSha, 
const unsigned char *key, int key len) 
{ 


int i, blocksize, hashsize; 


/* inner padding - key XORd with ipad */ 
unsigned char k ipad[USHA Max Message Block Size]; 


/* temporary buffer when keylen » blocksize */ 
unsigned char tempkey[USHAMaxHashSize]; 


if (!ctx) return shaNull; 


blocksize = ctx->blockSize = USHABlockSize (whichSha); 
hashsize = ctx->hashSize = USHAHashSize (whichSha); 


ctx-»whichSha = whichSha; 


/* 
* If key is longer than the hash blocksize, 
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* reset it to key = HASH(key). 
*/ 
if (key_len > blocksize) { 
USHAContext tctx; 
int err = USHAReset(&tctx, whichSha) | | 
USHAInput (&tctx, key, key_len) || 
USHAResult (&tctx, tempkey) ; 
if (err != shaSuccess) return err; 


key = tempkey; 
key_len = hashsize; 


The HMAC transform looks like: 
SHA(K XOR opad, SHA(K XOR ipad, text)) 


where К is ап п byte key. 

ipad is the byte 0x36 repeated blocksize times 
ораа is the byte 0х5с repeated blocksize times 
and text is the data being protected. 

/ 


+ + + + + Хх Хх Ro X 


/* store key into the pads, XOR’d with ipad and opad values */ 
for (i = 0; i < key_len; i++) { 
k_ipad[i] = Кеу[1] ^ 0x36; 
ctx->k_opad[i] = key[i] ^ 0х5с; 
} 
/* remaining pad bytes are 'N0' XOR'd with ipad апа opad values */ 
for (; i < blocksize; i++) { 
k ipad[i] = 0x36; 
ctx-»k opad[i] = 0x5c; 
} 


/* perform inner hash */ 

/* init context for 1st pass */ 

return USHAReset(&ctx-»shaContext, whichSha) || 
/* and start with inner pad */ 
USHAInput(&ctx-»shaContext, К ipad, blocksize); 


hmacInput 


Description: 
This function accepts an array of octets as the next portion 
of the message. 


* + + x ox ж 
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Parameters: 

context: [in/out] 
The HMAC context to update 

message array: [in] 
An array of characters representing the next portion of 
the message. 

length: [in] 
The length of the message in message array 


Returns: 
sha Error Code. 


+ + x X Жж + Хх Хх Хх Хх F o X 


/ 
int hmacInput (HMACContext *ctx, const unsigned char *text, 
int text_len) 
{ 
if (!ctx) return shaNull; 
/* then text of datagram */ 
return USHAInput (&ctx->shaContext, text, text len); 
} 


HMACFinalBits 


Description: 
This function will add in any final bits of the message. 


Parameters: 

context: [in/out] 
The HMAC context to update 

message_bits: [in] 
The final bits of the message, in the upper portion of the 
byte. (Use Ob###00000 instead of 0b00000### to input the 
three bits ###.) 

length: [in] 
The number of bits in message bits, between 1 and 7. 


Returns: 
sha Error Code. 


+ + + ok ok oko Хх Хх Хх ++» Хх Хх F OR RS F F X 


/ 

int hmacFinalBits (HMACContext *ctx, 
const uint8_t bits, 

unsigned int bitcount) 


if (!ctx) return shaNull; 


/* then final bits of datagram */ 
return USHAFinalBits(&ctx-»shaContext, bits, bitcount); 
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HMACResult 


Description: 
This function will return the N-byte message digest into the 
Message Digest array provided by the caller. 
NOTE: The first octet of hash is stored in the Oth element, 
the last octet of hash in the Nth element. 


Parameters: 
context: [in/out] 
The context to use to calculate the HMAC hash. 
digest: [out] 
Where the digest is returned. 
NOTE 2: The length of the hash is determined by the value of 
whichSha that was passed to hmacReset(). 


Returns: 
sha Error Code. 


+ + + ok ok oko oco Хх Хх Хх € Хх Хх Хх Жж + F ж 


/ 
int hmacResult (HMACContext *ctx, uint8 t *digest) 
{ 


if (!ctx) return shaNull; 


/* finish up 1st pass */ 
/* (Use digest here as a temporary buffer.) */ 
return USHAResult (&ctx->shaContext, digest) | | 


/* perform outer SHA */ 
/* init context for 2nd pass */ 
USHAReset (&ctx->shaContext, ctx-»whichSha) | | 


/* start with outer pad */ 
USHAInput (&ctx->shaContext, ctx->k_opad, ctx-»blockSize) | | 


/* then results of 1st hash */ 
USHAInput(&ctx-»shaContext, digest, ctx-»hashSize) || 


/* finish up 2nd pass */ 
USHAResult(&ctx-»shaContext, digest); 
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8.4. The Test Driver 


The following code is a main program test driver to exercise the code 
in shal.c, sha224-256.c, and sha384-512.c. The test driver can also 
be used as a stand-alone program for generating the hashes. 


See also [RFC2202], [RFC4231], and [SHAVS]. 


[KKK KKK KK KKK KKK KKK KKK KKK ke ke Ж К К shatest.c KOKCKCkCk ck kck ck kck ck KK OK KKK KK KK / 
[RKRKK KKK KKK KKK KK KKK KKK See RFC 4634 for details KOR KKK KK KK ke ke ke KK KK / 
/* 
Description: 
This file will exercise the SHA code performing 
the three tests documented in FIPS PUB 180-2 
(http://csrc.nist.gov/publications/fips/ 
fips180-2/fips180-2withchangenotice.pdf) 
one that calls SHAInput with an exact multiple of 512 bits 
the seven tests documented for each algorithm in 
"The Secure Hash Algorithm Validation System (SHAVS)", 
three of which are bit-level tests 
(http://csrc.nist.gov/cryptval/shs/SHAVS.pdf) 


This file will exercise the HMAC SHA1 code performing 
the seven tests documented in RFCs 2202 and 4231. 


To run the tests and just see PASSED/FAILED, use the -p option. 


Other options exercise: 
hashing an arbitrary string 
hashing a file's contents 
a few error test checks 
printing the results in raw format 


Portability Issues: 
None. 


+ + + + + Хх oo Хх Хх Хх Хх Хх Хх Хх сэ OR + Xo Xo Xo Xo X 


/ 


#include «stdint.h» 
#include <stdio.h> 
#include <stdlib.h> 
#include <string.h> 
#include <ctype.h> 
#include "sha.h" 


static int xgetopt(int argc, char **argv, const char *optstring); 


extern char *xoptarg; 
static int scasecmp(const char *s1, const char *s2); 
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/* 
* Define patterns for testing 
2 

#define ТЕ5ТІ "abc" 


#define TEST2 1 \ 
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 
#define TEST2 2a \ 
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" 
#define TEST2 2b \ 
"hijklmnoijklmnopjklmnopqgklmnopqrlmnopqrsmnopqrstnopqrstu" 
#define TEST2 2  TEST2 2a TEST2 2b 


#define TEST3 "а" /* times 1000000 */ 
#define TEST4a "01234567012345670123456701234567" 
#define TEST4b "01234567012345670123456701234567" 
/* an exact multiple of 512 bits */ 
#define TEST4 TEST4a TEST4b /* times 10 */ 


#define TEST7 1 \ 
"\x49\xb2\xae\xc2\x59\x4b\xbe\x3a\x3b\x11\x75\x42\xd9\x4a\xc8" 

#define TEST8_1 \ 
"\x9a\x7d\xfd\xfl1l\xec\xea\xd0\x6e\xd6\x46\xaa\x55\xfe\x75\x71\x46" 

#define TEST9 1 \ 
"\x65\xf£9\x32\x99\x5b\xa4\xce\x2c\xb1\xb4\xa2\xe7\xla\xe7\x02\x20" 
"\xaa\xce\xc8\x96\x2d\xd4\x49\x9c\xbd\x7c\x88\x7a\x94\xea\xaa\x10" 
"\xle\xa5\xaa\xbc\x52\x9b\x4e\x7e\x43\x66\x5a\x5a\xf2\xcd\x03\xfe" 
"\x67\x8e\xa6\xa5\x00\x5b\xba\x3b\x08\x22\x04\xc2\x8b\x91\x09\xf4" 
"\x69\xda\xc9\x2a\xaa\xb3\xaa\x7c\x11\xal\xb3\x2a" 

#define TEST10_1 \ 
"\xf7\x8£\x92\x14\x1b\xcd\x17\x0a\xe8\x9b\x4f\xba\x15\xal\xd5\x9f" 
"\x3£\xd8\x4d\x22\x3c\x92\x51\xbd\xac\xbb\xae\x61\xd0\x5e\xd1\x15" 
"\xa0\x6a\x7c\xel\x17\xb7\xbe\xea\xd2\x44\x21\xde\xd9\xc3\x25\x92" 
"\ xbd\x57\xed\xea\xe3\x9c\x39\xfa\xlf\xe8\x94\x6a\x84\xd0\xcf\x1lf" 
"\x7b\xee\xad\x17\x13\xe2\xe0\x95\x98\x97\x34\x7£\x67\xc8\x0b\x04" 
"\x00\xc2\x09\x81\x5d\x6b\x10\xa6\x83\x83\x6f\xd5\x56\x2a\x56\xca" 
"\xb1\xa2\x8e\x81\xb6\x57\x66\x54\x63\xlc\xf1\x65\x66\xb8\x6e\x3b" 
"\x33\xal\x08\xb0\x53\x07\xc0\x0a\xf£\x14\xa7\x68\xed\x73\x50\x60" 
"\x6a\x0f£\x85\xe6\xa9\x1d\x39\x6f£\x5b\x5c\xbe\x57\x7£\x9b\x38\x80" 
"\x7C\x7d\x52\x3d\x6d\x79\x2£\x6e\xbc\x24\xa4\xec\xf2\xb3\xa4\x27" 
"\xcd\xbb\xfb" 

#define TEST7_224 \ 
"\xf0\x70\x06\x£2\x5a\x0b\xea\x68\xcd\x76\xa2\x95\x87\xc2\x8d" 

#define TEST8 224 \ 
"\x18\x80\x40\x05\xdd\x4£\xbd\x15\x56\x29\x9d\x6f£\x9d\x93\xdf\x62" 

#define TEST9 224 \ 
"\xa2\xbe\x6e\x46\x32\x81\x09\x02\x94\xd9\xce\x94\x82\x65\x69\x42" 
"\x3a\x3a\x30\x5e\xd5\xe2\x11\x6c\xd4\xa4\xc9\x87\xfc\x06\x57\x00" 
"\x64\x91\xb1\x49\xcc\xd4\xb5\x11\x30\xac\x62\xb1\x9d\xc2\x48\xc7" 
"\x44\x54\x3d\x20\xcd\x39\x52\xdc\xed\x1£\x06\xcc\x3b\x18\xb9\x1lf" 
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"\x3£\x55\x63\x3e\xcc\x30\x85\xf4\x90\x70\x60\xd2" 

#define TEST10_224 \ 
"\x55\xb2\x10\x07\x9c\x61\xb5\x3a\xdd\x52\x06\x22\xd1\xac\x97\xd5" 
"\xcd\xbe\x8c\xb3\x3a\xa0\xae\x34\x45\x17\xbe\xe4\xd7\xba\x09\xab" 
"\xc8\x53\x3c\x52\x50\x88\x7a\x43\xbe\xbb\xac\x90\x6c\x2e\x18\x37" 
"\xf2\x6b\x36\xa5\x9a\xe3\xbe\x78\x14\xd5\x06\x89\x6b\x71\x8b\x2a" 
"\x38\x3e\xcd\xac\x16\xb9\x61\x25\x55\x3£\x41\x6£\x£3\x2c\x66\x74" 
"\xc7\x45\x99\xa9\x00\x53\x86\xd9\xce\x11\x12\x24\x5£\x48\xee\x47" 
"\x0d\x39\x6c\xle\xd6\x3b\x92\x67\x0c\xa5\x6e\xc8\x4d\xee\xa8\x14" 
"\xb6\x13\x5e\xca\x54\x39\x2b\xde\xdb\x94\x89\xbc\x9b\x87\x5a\x8b" 
"\xaf\x0d\xcl\xae\x78\x57\x36\x91\x4a\xb7\xda\xa2\x64\xbc\x07\x9d" 
"\x26\x9f\x2c\x0d\x7e\xdd\xd8\x10\xa4\x26\x14\x5a\x07\x76\xf6\x7c" 
"\x87\x82\x73" 

#define TEST7_256 \ 

"\ xbe\x27\x46\xc6\xdb\x52\x76\x5£\xdb\x2£\x88\x70\x0£\x9a\x73" 

#define TEST8 256 \ 

"\ xe3\xd7\x25\x70\xdc\xdd\x78\x7c\xe3\x88\x7a\xb2\xcd\x68\x46\x52" 

#define TEST9 256 \ 
"\x3e\x74\x03\xK71\xc8\x10\xc2\xb9\x9f\xc0\x4e\x80\x49\x07\xef\x7c" 
"\xf2\x6b\xe2\x8b\x57\xcb\x58\xa3\xe2\xf3\xc0\x07\x16\x6e\x49\xcl" 
"\x2e\x9b\xa3\x4c\x01\x04\x06\x91\x29\xea\x76\x15\x64\x25\x45\x70" 
"\x3a\x2b\xd9\x01\xel\x6e\xb0\xe0\x5d\xeb\xa0\x14\xeb\xff£\x64\x06" 
"\xa0\x7d\x54\x36\x4e\xf£\x74\x2d\xa7\x79\xb0\xb3" 

#define TEST10_256 \ 
"\x83\x26\x75\x4e\x22\xK77\x37\x2£\x4£\xcl1\x2b\x20\x52\x7a\xfe\xf0" 
"\x4d\x8a\x05\x69\x71\xb1\xla\xd5\x71\x23\xa7\xc1\x37\x76\x00\x00" 
"\xd7\xbe\xf6\xf3\xcl1\xf7\xa9\x08\x3a\xa3\x9d\x81\x0d\xb3\x10\x77" 
"\x7d\xab\x8b\xle\x7£\x02\xb8\x4a\x26\xc7\x73\x32\x5£\x8b\x23\x74" 
"\xde\x7a\x4b\x5a\x58\xcb\x5c\x5c\xf3\x5b\xce\xe6\xfb\x94\x6e\x5b" 
"\xd6\x94\xfa\x59\x3a\x8b\xeb\x3£\x9d\x65\x92\xec\xed\xaa\x66\xca" 
"\x82\xa2\x9d\x0c\x51\xbc\xf9\x33\x62\x30\xe5\xd7\x84\xe4\xc0\xa4" 
"\x3£\x8d\x79\xa3\x0a\x16\x5c\xba\xbe\x45\x2b\x77\x4b\x9c\x71\x09" 
"\ xa9\x7d0\x13\x8f£\x12\x92\x28\x96\x6f\x6c\x0a\xdc\x10\x6a\xad\x5a" 
"\x9f\xdd\x30\x82\x57\x69\xb2\xc6\x71\xaf\x67\x59\xd£\x28\xeb\x39" 
"\x3d\x54\xd6" 

#define TEST7_384 \ 
"\x8b\xc5\x00\xc7\x7c\xee\xd9\x87\x9d\xa9\x89\x10\x7c\xe0\xaa" 

#define TEST8 384 \ 

"\ха4\х1с\х49\х77\х79\хс0\х37\х5Е\хЕ1 \хОа\х7Е\х4е\х08\х59\х17\х39" 

#define ТЕ5Т9 384 \ 
"\x68\x£5\x01\x79\x2d\xea\x97\x96\X76\K70\xK22\xd9\x3d\xa7\x16\x79" 
"\x30\x99\x20\xfa\x10\x12\xae\xa3\x57\xb2\xb1\x33\x1d\x40\xal\xd0" 
"\x3c\x41\xc2\x40\xb3\xc9\xa7\x5b\x48\x92\xf4\xc0\x72\x4b\x68\xc8" 
"\x75\x32\xla\xb8\xcf\xe5\x02\x3b\xd3\x75\xbc\x0f\x94\xbd\x89\xfe" 
"\x04\x£2\x97\xK10\x5d\x7b\x82\xff£\xc0\x02\xla\xeb\xlc\xcbh\x67\x4f£" 
"\x52\x44\xea\x34\x97\xde\x26\xa4\x19\xlc\x5f£\x62\xe5\xe9\xa2\xd8" 
"\x08\x2£\x05\x51\xf4\xa5\x30\x68\x26\xe9\x1c\xc0\x06\xce\xlb\xf6" 
"\xOf\xX£7\x19\xd4\x2£\xa5\x21\xc8\x71\xcd\x23\x94\xd9\x6e\xf4\x46" 
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"\x8£\x21\x96\x6b\x41\xf2\xba\x80\xc2\x6e\x83\xa9" 

#define TEST10_384 \ 
"\x39\x96\x69\xe2\x8£\x6b\x9c\x6d\xbc\xbb\x69\x12\xec\x10\xff\xcf" 
"\x74\x79\x03\x49\xb7\xdc\x8£\xbe\x4a\x8e\x7b\x3b\x56\x21\xdb\x0f" 
"\x3e\x7d\xc8\x7£\x82\x32\x64\xbb\xe4\x0d\x18\x11\xc9\xea\x20\x61" 
"\xel\xc8\x4a\xd1\x0a\x23\xfa\xcl1\x72\x7e\x72\x02\xfc\x3£\x50\x42" 
"\xe6\xbf£f\x58\xcb\xa8\xa2\x74\x6e\x1l£\x64\xf9\xb9\xea\x35\x2c\x71" 
"\x15\x07\x05\x3c\xf4\xe5\x33\x9d\x52\x86\x5£\x25\xcc\x22\xb5\xe8" 
"\x77\x84\xal\x2£\xc9\x61\xd6\x6c\xb6\xe8\x95\x73\x19\x9a\x2c\xe6" 
"\x56\x5c\xbd\xf1\x3d\xca\x40\x38\x32\xcf\xcb\x0e\x8b\x72\x11\xe8" 
"\x3a\xf3\x2a\x11\xac\x17\x92\x9f\xf1\xc0\x73\xa5\xlc\xc0\x27\xaa" 
"\xed\xef\xf8\x5a\xad\x7c\x2b\x7c\x5a\x80\x3e\x24\x04\xd9\x6d\x2a" 
"\x77\x35\x7b\xda\xla\x6d\xae\xed\x17\x15\x1lc\xb9\xbc\x51\x25\xa4" 
"\x22\xe9\x41\xde\x0c\xa0\xfc\x50\x11\xc2\x3e\xcf\xfe\xfd\xd0\x96" 
"\x76\x71\xlc\xf3\xdb\x0a\x34\x40\x72\x0e\x16\x15\xcl1\xf2\x2£\xbe" 
"\x3c\x72\xl1ld\xe5\x21\xel\xb9\x9b\xal\xbd\x55\x77\x40\x86\x42\x14" 
"\x7e\xd0\x96" 

#define TEST7_512 \ 
"\x08\xec\xb5\x2e\xba\xel\x£7\x42\x2d\xb6\x2b\xcd\x54\x26\x70" 

#define TEST8 512 \ 
"\x8d\x4e\x3c\x0e\x38\x89\x19\x14\x91\x81\x6e\x9d\x98\xbf\xf0\xa0" 

#define TEST9 512 \ 
"\x3a\xdd\xec\x85\x59\x32\x16\xd1\x61\x9a\xa0\x2d\x97\x56\x97\x0b" 
"\xfc\x70\xac\xe2\x74\x4£\x7c\x6b\x27\x88\x15\x10\x28\xf£7\xb6\xa2" 
"\x55\x0£\xd7\x4a\x7e\x6e\x69\xc2\xc9\xb4\x5f£\xc4\x54\x96\x6d\xc3" 
"\x1ld\x2e\x10\xda\x1lf£\x95\xce\x02\xbe\xb4\xbf£\x87\x65\x57\x4c\xbd" 
"\x6e\x83\x37\xef\x42\x0a\xdc\x98\xcl1\x5c\xb6\xd5\xe4\xa0\x24\x1b" 
"\xa0\x04\x6d\x25\x0e\x51\x02\x31\xca\xc2\x04\x6c\x99\x16\x06\xab" 
"\x4e\xe4\x14\x5b\xee\x2£\xf4\xbb\x12\x3a\xab\x49\x8d\x9d\x44\x79" 
"\x4£\x99\xcc\xad\x89\xa9\xal\x62\x12\x59\xed\xa7\x0a\x5b\x6d\xd4" 
"\ xbd\xd8\x77\x78\xc9\x04\x3b\x93\x84\xf£5\x49\x06" 

#define TEST10_512 \ 
"\ xa5\x5£\x20\xc4\x11\xaa\xd1\x32\x80\x7a\x50\x2d\x65\x82\x4e\x31" 
"\ xa2\x30\x54\x32\xaa\x3d\x06\xd3\xe2\x82\xa8\xd8\x4e\x0d\xel\xde" 
"\x69\x74\xb£\x49\x54\x69\xfc\x7£\x33\x8£\x80\x54\xd5\x8c\x26\xc4" 
"\x93\x60\xc3\xe8\x7a\xf£5\x65\x23\xac\xf£6\xd8\x9d\x03\xe5\x6£\xf2" 
"\xf8\x68\x00\x2b\xc3\xe4\x31\xed\xc4\x4d\xf2\xf0\x22\x3d\x4b\xb3" 
"\ xb2\x43\x58\x6e\xla\x7d\x92\x49\x36\x69\x4f£\xcb\xba\xf8\x8d\x95" 
"\x19\xe4\xeb\x50\xa6\x44\xf8\xe4\xf£9\x5e\xb0\xea\x95\xbc\x44\x65" 
"\xc8\x82\xla\xac\xd2\xfe\x15\xab\x49\x81\x16\x4b\xbb\x6d\xc3\x2f£" 
"\x96\x90\x87\xal\x45\xb0\xd9\xcc\x9c\x67\xc2\x2b\x76\x32\x99\x41" 
"\x9c\xc4\x12\x8b\xe9\xa0\x77\xb3\xac\xe6\x34\x06\x4e\x6d\x99\x28" 
"\x35\x13\xdc\x06\xe7\x51\x5d\x0d\x73\x13\x2e\x9a\x0d\xc6\xd3\xb1" 
"\xf8\xb2\x46\xf1\xa9\x8a\x3£\xc7\x29\x41\xb1\xe3\xbb\x20\x98\xe8" 
"\ xb£\x16\xf2\x68\xd6\x4f£\x0b\x0f£\x47\x07\xfe\xle\xal\xal\x79\x1b" 
"\xa2\xf£3\xc0O\xc7\x58\xe5\xf5\x51\x86\x3a\x96\xc9\x49\xad\x47\xd7" 
"\xfb\x40\xd2" 

#define SHA1 SEED "\xd0\x56\x9c\xb3\x66\x5a\x8a\x43\xeb\x6e\xa2\x3d" 
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"\x75\xa3\xc4\xd2\x05\x4a\x0d\x7d" 

#define SHA224 SEED "\xd0\x56\x9c\xb3\x66\x5a\x8a\x43\xeb\x6e\xa2" х 
"\x3d\x75\xa3\xc4\xd2\x05\x4a\x0d\x7d\x66\xa9\xca\x99\xc9\xce\xb0" \ 
" \х27" 

#define SHA256_SEED "\xf4\xle\xce\x26\x13\xe4\x57\x39\x15\x69\x6b" \ 
"\x5a\xdc\xd5\xlc\xa3\x28\xbe\x3b\xf5\x66\xa9\xca\x99\xc9\xce\xb0" \ 
"\x27\x9c\xlc\xb0\xa7" 

#define SHA384 SEED "\x82\x40\xbc\x51\xe4\xec\x7e\xf7\x6d\x18\xe3" х 
"\x52\x04\xal\x9f£\x51\xa5\x21\x3a\x73\xa8\x1ld\x6£\x94\x46\x80\xd3" х 
"\x07\x59\x48\xb7\xe4\x63\x80\x4e\xa3\xd2\x6e\x13\xea\x82\x0d\x65" \ 
"\xa4\x84\xbe\x74\x53" 

#define SHA512 SEED "\x47\x3f£\xf1\xb9\xb3\xff\xdf\xal\x26\x69\x9a" х 
"\хс7\хеЕ\х9е\х8е\х78\х77\х73\х09\х58\х24\хсб\х42\х55\х7с\х13\х99" 
"\xd9\x8e\x42\x20\x44\x8d\xc3\x5b\x99\xbf\xdd\x44\x77\x95\x43\x92" 
"\x4c\xlc\xe9\x3b\xc5\x94\x15\x38\x89\x5d\xb9\x88\x26\x1lb\x00\x77" 
"\ x4b\x12\x27\x20\x39" 


т 


аж 


#define TESTCOUNT 10 
#define HASHCOUNT 5 
#define RANDOMCOUNT 4 
#define HMACTESTCOUNT 7 


#define PRINTNONE 0 
#define PRINTTEXT 1 
#define PRINTRAW 2 
#define PRINTHEX 3 
#define PRINTBASE64 4 


#define PRINTPASSFAIL 1 
#define PRINTFAIL 2 


#define length(x) (sizeof (х) -1) 


/* Test arrays for hashes. */ 
struct hash { 
const char *name; 
SHAversion whichSha; 
int hashsize; 
struct { 
const char *testarray; 
int length; 
long repeatcount; 
int extrabits; 
int numberExtrabits; 
const char *resultarray; 
} tests[TESTCOUNT]; 
const char *randomtest; 
const char *randomresults [RANDOMCOUNT] ; 
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} hashes[HASHCOUNT] = { 
{ "5НА1", 5НА1, SHAlHashSize, 

{ 

/* 1 */ { TESTI, length(TEST1), 1, 0, 0, 
"A9993E364706816ABA3E25717850C26C9CDOD89D" }, 
/* 2 */ ( TEST2 1, length(TEST2_1), 1, 0, 0, 
"84983E441C3BD26EBAAEA4AA1F95129E5E54670F1" }, 
/* 3 */ ( TEST3, length(TEST3), 1000000, 0, 0, 
"342A973CD4C4DAA4F 61EEB2BDBAD27316534016F" }, 
/* 4 */ { TEST4, length(TEST4), 10, 0, 0, 
"DEA356A2CDDD90C7A7ECEDC5EBB563934F460452" }, 
[* b *f т”, 05 0, 0x98; 5; 
"29826B003B906E660EFFA4027CE98AF3531AC75BA" }, 
/* 6 */ ( "\x5e", 1, 1, 0, 0, 
"5E6F80A34A97 98CAFC6A5DB96CC57BA4C4DB59C2" }, 
/* 7 */ ( TEST7_1, length(TEST7_1), 1, 0x80, 3, 
"6239781E03729919C01955B3FFA8ACB60B988340" }, 
/* 8 */ { TEST8_1, length(TEST8_1), 1, 0, 0, 
"8 2ABFF6605DBE1C1 7DEF12A3 94FA22A82B544A35" }, 
/* 9 */ { ТЕ5Т9 1, length(TEST9 1), 1, OxEO, 3, 
"8C5B2A5DDAE5A97FC7F9D85661C672ADBF7933D4" }, 
/* 10 */ ( TEST10 1, length(TEST10 1), 1, 0, 0, 
"CB0082C8F197D260991BA6A460E76E202BAD27B3" } 

}, 5НА1 SEED, ( "E216836819477C7F78E0D843FEA4FF1B6D6C14CD4", 
"A2DBC7A5B1C6COA8BCB7AAA41252A6A7D0690DBC", 
"DB1F9050BB863DFEF4CE37186044E2EEB17EE013", 
"127FDEDF43D372A51D5747CA8FBFFE38EF6CDF 7B" 

} }, 
{ "SHA224", SHA224, SHA224HashSize, 

{ 

/* 1 */ { TESTI, length(TEST1), 1, 0, 0, 
"23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7" |, 
/* 2 */ { TEST2 1, length(TEST2 1), 1, 0, 0, 
"75388B16512776CC5DBA5DA1FD890150B0C6455CB4F58B1952522525" }, 
/* 3 */ 1 TEST3, length(TEST3), 1000000, 0, 0, 
"20794655980C91D8BBB4C1EA97 61 8A4BF03F42581948B2EE4EE7AD67" |, 
/* 4 */ { TEST4, length(TEST4), 10, 0, 0, 
"567F69F168CD7844E65259CE658FE7AADFA25216E68ECAO0EB7AB8262" |), 
[LR uq 0; Оу 0568,5; 
'E3B048552C3C387BCAB37F6EBO6BB79B96AAAEE5FF27F51531A9551C" |, 
Je 16-7 D. BX ROTM Шу bo (б. 0; 
"00ECD5F138422B8AD74C9799FD826C531BAD2FCABC7450BEE2AA8C2A" |), 
/* 7 */ { TEST7 224, length(TEST7_224), 1, ОхА0, 3, 
"1B01DB6CB4A9E43DED151 6BEB3DB0B87B6D1EA43187462C608137150" }, 
/* 8 */ { TEST8_224, length(TEST8_224), 1, 0, 0, 
"DF90D78AA78821C99B40BA4C966921ACCD8FFB1E98AC388bE56191DB1" }, 
/* 9 */ ( TEST9 224, length(TEST9_224), 1, OxEO, 3, 
"54BEA6GEAB8195A2EB0A7906A4B4A876666300EEFBD1F3B8474F9CD57" }, 
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/* 10 */ ( TEST10 224, length(TEST10 224), 1, 0, O, 
"0B31894EC8937AD9B91BDFBCBA294D9ADEFAA18E09305E9F20D5C3A4" | 
), SHA224 SEED, { "100966А5В4ЕПЕОВ42Е2А6С59530407Е41ВА7СЕ79ЕР" 
"2DF431416734BE", "1DCA396B0C417715DEFAAE9641E10A2E99D55A" 
"BCB8A00061EB3BE8BD", "1864E627BDB2319973CD5ED7D68DA71D8B" 
"F0F983D8D9AB32C34ADB34", "A2406481FCIBCAF24DD08E6752E844" 
"709563FB916227FED598EB621F" 
} HH 
( "SHA256", SHA256, SHA256HashSize, 
{ 


/* 1 */ ( TESTI, length(TEST1), 1, 0, 0, "ВА7816ВЕ8Е01СҒЕА4141" 
"40DE5DAE2223B00361A396177A9CBA410FF61F20015AD" }, 

/* 2 */ ( TEST2 1, length(TEST2 1), 1, 0, 0, "248D6A61D20638B8" 

'E5C026930C3E6039A33CE45964FF2167F6ECEDDA19DBO6CI1" }, 

/* 3 */ ( TEST3, length(TEST3), 1000000, 0, 0, "CDC76E5C9914FB92" 
"81A1C7E284D73E67F1809A48A497200E046D39CCC7112CDO" }, 

/* 4 */ ( TESTA, length(TEST4), 10, 0, 0, "594847328451BDFA" 
"85056225462CC1D867D877FB388DFO0CE35F25AB5562BFBB5" |), 

/* 5 */ ( "", 0, 0, 0x68, 5, "D6D3E02A31A84A8CAA9718ED6C2057BE" 
"09DB45E7823EB5079CE7A573A3760F95" ), 

/* 6 */ ( "\x19", 1, 1, 0, 0, “68AA2E2EE5DFF96E3355E6C7EE373E3D" 
"бА4Е17Е75Е95180843709С0С9ВС3Е3р4" }, 

/* 7 */ ( TEST7 256, length(TEST7 256), 1, 0x60, 3, "77ЕС10С8" 
"OC821FF2A1279089FA091B35B8CD960BCAF7DE01C6A7680756BEB972" }, 

/* 8 */ ( TEST8 256, length(TEST8 256), 1, 0, 0, "175EE69BO2BA" 
"9B58bE2B0A5FD13819CEA573F3940A94F825128CF4209BEABBAE8" }, 

/* 9 */ { TEST9 256, length(TEST9 256), 1, OxAO, 3, "3E9AD646" 
"8BBBAD2AC3C2CDC292E018BA5FD70B960CF1679777FCE708FDBO66E9" }, 

/* 10 */ ( TEST10 256, length(TEST10 256), 1, 0, 0, "97DBCA7D" 
"Р46062С8А422С941007Е83588Ар3361763Е7Е9В2095Е4ЕОРА6Е1ССВС" }, 

}, SHA256 SEED, { "83D28614D49C3ADC1D6FCO5DB5F48037C056F8D2A4CE44" 
"EC6457DEA5DD797CD1", "99DBE3127EF2E93DD9322D6A07 90 9EB33B6399" 
"5E529B3F954B8581621BB74D39", "8D4BE295BB64661CA3C7EFD129A2F7" 
"25B33072DBDDE32385B9A87B9AF88EA76F", "AO0AF5D3F9716B040DF9408" 
"E31536B70FF906EC51B00447CA97D7DD97C12411F4" 

} }, 

{ "SHA384", SHA384, SHA384HashSize, 

{ 

/* 1 */ { TESTI, length(TEST1), 1, 0, 0, 
"CB00753F45A35E8BB5A03D699AC65007272C32ABOEDED163" 
"1A8B605AA43FF5BED8086072BA1E7CC2358BAECA134C825A7" }, 

/* 2 */ ( TEST2 2, length(TEST2 2), 1, 0, 0, 
"09330C33F71147E83D192FC782CD1B4753111B173B3B05D2" 
"2FA08086E3BOF712FCC7C71A557E2DB966C3E9FA91746039" }, 

/* 3 */ ( TEST3, length(TEST3), 1000000, 0, 0, 
"9D0E1809716474CB086E834E310A4A1CED149E9C0O0F24852" 
"7972CEC5704C2A5B07B8B3DC38ECC4EBAE97DDD87F3D8985" }, 

/* 4 */ { TEST4, length(TEST4), 10, 0, 0, 
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"2FC64A4F500DDB6828F6A3430B8DD72A368EB7F3A8322A70" 
"BC84275B9COB3AB00D27A5CC3C2D22 4AA6B61A0D79FB4596" }, 

е BOT Ae ONS Oy. 20, 0510,5, 
"8D17BE79E32B6718E07D8A603EB84BA0478F7FCFD1BB9399" 
"5F7D1149E09143ACIFFCFC56820E469F3878D957A15A3FE4" }, 

/* 6 */ ( "\xb9", 1, 1, 0, 0, 
"BC8089A19007C0B14195FA4ECC74094FEC64F01F90929282C" 
"2FB392881578208AD466828B1C6C283D2722CFO0AD1AB6938" }, 

/* 7 */ ( TEST7 384, length(TEST7 384), 1, ОхА0, 3, 
"D8CA43B38E12E7C42A7C9B810299FD6A770BEF30920F17532" 
"A898DE62C7A07E42 9344 9COB5FA70109F0783211CFC4BCE3" }, 

/* 8 */ { TEST8_384, length(TEST8_384), 1, 0, 0, 
"C9A68443A005812256B8EC76B00516F0DBB74FAB26D66591" 
"SF194B6FFBOE91EA9967566B58109CBC675CC208E4C823F7" үр, 

/* 9 */ { TEST9 384, length(TEST9_384), 1, OxEO, 3, 

"58 60E8DE91C21578BB4174D227898A98E0B45C4C760F0095" 
"49495614DAEDCO775D92D11D9F8CE9BOG6A4EEAC8DAFC3A297" }, 

/* 10 */ { TEST10_384, length(TEST10_384), 1, 0, 0, 
"4F440DB1E6EDD28 9 9FA335F09515AA025EE177A7 9F 4B4AAF" 
"38E42B5C4DE660F 5DE8FB2A5B2FBD2A3CBFFD20CFF1288C0" } 

}, SHA384 SEED, ( "CE44D7D63AE0C91482998CF662A51EC80BF6FC68661A3C" 
"57F87566112BD635A743EA904DEB7D7A42AC808CABE697F38F", "FO9C6D2" 
"61881FEE41ACD39E67AA8D0BAD507C7363EB67E2B81F45759F9COFD78B503" 
"DF1A0B9E80BDE7BC333D75B804197D", "9651208С9Е4А7А4967А366С01" 
"C6FD97384225B58343A88264847C18EA4EF8AB7AEE47 65FFBC3E30BD485D3" 
"638A01418F", "0CA76BD0813AF1509E170907A96005938BC985628290B2" 
"5FEF73CF6FAD68DDBA0AC8920C94E0541607B80915A7B4457F7" 


о}, 
{ "SHA512", SHA512, SHA512HashSize, 
{ 

/* 1 */ (TESTI, length (TESTI) ,. 1, 0, 0, 
"DDAF35A193617ABACC41734 9AE20413112E6FA4E8 9A97EA2" 
" 0A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD" 
"45404423643СЕ80Е2А9АС94ЕА54СА49Е" }, 

/* 2 */ { TEST2_2, length(TEST2 2), 1; 0, 0, 
"8E959B75DAE313DA8CF4F72814FC143F8F7779C6EB9F7FA1" 
"7299AEADB6889018501D289E4900F7E4331B99DECA4B5433A" 
"C7D329EEB6DD26545E96E55B874BE909" }, 

/* 3 */ ( TEST3, length(TEST3), 1000000, 0, 0, 

1Е71848300СЕ769644Е2Е42С7ВС15В4638Е1Ғ98В13В204428" 
"5632А803АҒА97ЗЕВрЕ0ҒЕҒ244877ЕА60А4СВ0432СЕ577С31В" 
"ЕВОО9С5С2С49АА2Е4ЕАРВ217АР8ССО9В" |, 

/* 4 */ ( TESTA, length(TEST4), 10, 0, 0, 
"8 9D05BA632C699C31231DED4FFC127D5A894DAD412C0E024" 
"DB872D1ABD2BA8141A0F85072A9BE1E2AA04CF33C765CB51" 
"0813A39CD5A84CA4ACAA64D3F3FB7BAE9" }, 

/* 5 */ ( "", 0, 0, OxBO, 5, 
"DA4EE29A9E90985446B913CF1D1376C836FA4BE2CI1CF3CADAO" 
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"720A6BF4857D88 6A7ECB3C4E4COFA8C7F95214E41DC1B0D2" 
"1B22A84CCO3BF8CE4845F34DD5BDBAD4" }, 

/* 6 */ ( "NxDO", 1, 1, 0, 0, 
"9992202938E882E73E20F6B69E68A0A7149090423D93C81B" 
"AB3F21678D4ACEEEE5 0E4E8CAFADA4C85A54EA8306826C4A" 
"D6E74CECE9631BFA8A549B4AB3FBBA15" |), 

/* 7 */ ( TEST7 512, length(TEST7 512), 1, 0x80, 3, 
"ED8DC78E8B01B69750053DBB7AO0A9EDAOFB9E9D292B1ED71" 
"5E80A7FE290A4E16664FD913E85854400C5AF05E6DAD316B" 
"7359B43E64F8BEC3C1F237119986BBB6" }, 

/* 8 */ ( TEST8 512, length(TEST8 512), 1, 0, 0, 
"CB0B67A4B8712CD73C9AABCOB199E9269B20844AFB7 5ACBD" 
"D1C153C9828924C3DDEDAAFE669C5FDDOBC66F630F677398" 
"821ЗЕВІВ16Е517Ар0рЕ4В2Е0С95С90Ғ8" }, 

/* 9 */ ( TEST9 512, length(TEST9 512), 1, 0x80, 3, 

"32BA7 6FC30EAA0208AEB50FFB5AF1864FDBF17902A4DCOA6" 
"82C61FCEA6D92B783267B21080301837F59DE79C6B337DB2" 
"526F8A0A510E5E53CAFED4355FE7C2F1" ), 

/* 10 */ ( TEST10 512, length(TEST10 512), 1, 0, 0, 
"C665BEFB36DA189D78822D10528CBF3B12B3EEF726039909" 
"C1A16A270D48719377966B957A878E720584779A62825C18" 
"DA26415E49A7176A894E7510FD1451F5" } 

}, SHA512 SEED, ( "2ЕВВ1Е7Е00Е746ВА514ЕВС8С421Е36792ЕС0Е11ЕР5ЕЕС3" 
"78E1AB0CO7 9AA5FOF66A1E3EDBAEB4F 998 4BE14437123038A452004A5576" 
"8С1Ер8ЕЕр49Е4А21ВЕрСрО", "25CBE5A4F2C7B1D7EF07011705D50C62C5" 
"000594243ЕАЕр1241ЕС9Е3р22В58184АЕ2ЕЕЕ38Е171СЕ8129Е29459С9ВС2" 

"EF 461AF5708887315F15419D8D17FE7949", "5B8B1F2687555CE2D7182B" 

"92E5C3F6C36547DA1C13DBB9EA4F 7 3EA4CBBAF 8 9411527906D35B1B06C1B" 

"6A8007D05EC66DF0A40 606682 9EAB618BDE3976515AAFC", "46E36B007D" 

"19876CDBOB29AD074FE3CO8CDD174D42169D6ABE5A1414B6E79707DF5877" 

"6A98091CF431854147BB6D3C66D43BFBC108FD715BDE6AA127C2BOE79F" 


) 
}; 


/* Test arrays for HMAC. */ 
struct hmachash { 
const char *keyarray[5]; 
int keylength[5]; 
const char *dataarray[5]; 
int datalength[5]; 
const char *resultarray[5]; 
int resultlength[5]; 
} hmachashes[HMACTESTCOUNT] = ( 
[y Bede RH 
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 
"\x0b\x0b\x0b\x0b\x0b" 
}, { 20 }, 4 
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}, 


}, 


}, 


"\x48\x69\x20\x54\x68\x65\x72\x65" /* "Hi There" */ 


/* HMAC-SHA-1 */ 
17318655057264Е28ВС0В6ЕВ378С8ЕЕ146ВЕ00", 
НМАС-5НА-224 */ 
"896FB1128ABBDF196832107CD4 9DF33F47B4B1169912BA4F53684B22", 
НМАС-5НА-256 */ 
"B0344C61D8DB38535CA8AFCEAFOBF12B881DC200C9833DA726E9376C2E32" 
"СЕЕ7" 2 
/* НМАС-5НА-384 */ 
"AFD03944D848 9562 6B0825F 4AB46907F15F 9DADBE4101EC682AA034C7CEB" 
"C5 9CFAEA9EFA9076EDE7F4AF152E8B2FA9CB6", 
/* НМАС-5НА-512 */ 
"8 7AA7CDEASEF 61 9D4FF0B4241A1D6CB0237 9F4E2CE4EC2787AD0B30545E1" 
"7 CDEDAA8 33B7D6B8A702038B27 4EAFRA3F 4E4BE9D 91 4EEB61F1702E696C20" 
"3A126854" 

| SHAlHashSize, SHA224HashSize, SHA256HashSize, 
SHA384HashSize, SHA512HashSize } 


ВИЧ 


}, 


}, 


}, 


}, 


"\x4da\x65\x66\x65" /* "Jefe" */ 

1-4,4 
"\x77\x68\x61\K74\x20\x64\x6£\xX20\xK79\x61\xK20\x77\x61\x6e\x74" 
"\x20\x66\x6£\xX72\x20\x6e\x6£\x74\x68\x69\x6e\x67\x3£" 
/* "what do ya want for nothing?" */ 

{ 28 }, { 
/* HMAC-SHA-1 */ 
"EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79", 
/* HMAC-SHA-224 */ 
"A30E01098BC6DBBF45690F3A7E9E6DOF8BBEA2A39E6148008FD05EA44", 
/* HMAC-SHA-256 */ 
"5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC" 
"3843", 
/* HMAC-SHA-384 */ 
"AFA5D2E376484031617F78D2B58A6B1B9C7EF464F5A01BA7E42EC3736322" 
"445E8E2240CA5E69E2C78B3239ECFAB21649", 
/* HMAC-SHA-512 */ 
"164B7A7BFCF819E2E395FBE73B56E0A387BD64222E831FD610270CD7EA25" 
"05549758BF75C05A994A6D034F 65F8FOEG6GFDCAEAB1A34DA4A6B4B636E070A" 
"38BCE737" 

{ SHAlHashSize, SHA224HashSize, SHA256HashSize, 
SHA384HashSize, SHA512HashSize } 


с Ку, 


{ 


}, 


"\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа\хаа" 
"\хаа\хаа\хаа\хаа\хаа" 
{ 20 }, { 
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"\ xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 
"\ xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 
"\ xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 
"\хаа\хаа\хаа\хаа\хаа" 

}, ( 50}, í 
/* HMAC-SHA-1 */ 
"125D7342B9AC11CD91A3 9AF4 8AA17B4F63F175D3", 
/* HMAC-SHA-224 */ 
"7FB3CB3588C6C1F6FFA9694D7D6AD2 6493 65B0CIF65D69D1EC8333EA", 
/* HMAC-SHA-256 */ 
"773EA91E36800E46854DB8EBD0 9181A72959098B3EF8C122D9635514CED5" 
" 65ЕЕ", 
/* HMAC-SHA-384 */ 
"88062608D3E6AD8A0AA2ACE014C8A8 6F0AA635D947AC 9FEBE8 3EF4E55966" 
"144B2A5AB39DC13814B94E3AB6E101A34F27", 
/* HMAC-SHA-512 */ 
"FA73B0089D56A284EFBOF0756C890BE9B1B5DBDD8EE81A3655F83E33B227" 
"9D39BF3E848279A722C806B485A47E67C807B946A337BEE8942674278859" 
"E13292FB" 

}, 1 SHAlHashSize, SHA224HashSize, SHA256HashSize, 
SHA384HashSize, SHA512HashSize } 


}, 

{ /* 4 */ { 
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0£" 
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19" 

}, (25 1,1 
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 
"\xcd\xcd\xcd\xcd\xcd" 

}, { 50 }, { 

/* НМАС-5НА-1 */ 

"4C9007F4026250C6BC8414F9BF50C86C2D7235DA", 

/* HMAC-SHA-224 */ 
"6C11506874013CAC6A2ABC1BB382627CEC6A90D86EFCO12DE7AFEC5A", 

/* HMAC-SHA-256 */ 
"82558A389A443COEA4CC819899F2083A85FOFAA3E578F8077A2E3FF46729" 
" 665B", 
/* HMAC-SHA-384 */ 

"3E8A69B7783C25851933AB62 90AF6CA77A9981480850009CC5577C6E1F57" 
"3B4E6801DD23C4A7D67 9CCF8A386C674CFFB", 

/* HMAC-SHA-512 */ 
"B0BA465637458C6990E5A8C5F61DA4AF7E576D97FF94B872DE76F8050361E" 
"E3DBA91CA5C11AA25EBA4D679275CC5788063A5F19741120CAF2DE2ADEBEB" 
"10A298DD" 

}, ( SHAlHashSize, SHA224HashSize, SHA256HashSize, 
SHA384HashSize, SHA512HashSize } 


}, 
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PA WE NEU ЧЇ 
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c" 
"\x0c\x0c\x0c\x0c\x0c" 

}, { 20 }, { 
"Test With Truncation" 

}, { 20 }, { 
/* НМАС-5НА-1 */ 
"4С1А03424В55Е07ЕЕ7Е27ВЕ1", 
/* НМАС-5НА-224 Х/ 
"OR2AFA68A90C8D37C988BCDB9FCA6FA8", 
/* HMAC-SHA-256 */ 
"A3B6167473100EE06E0C796C2955552B", 
/* HMAC-SHA-384 */ 
"ЗАВЕЗ4С3503В2А23А46ЕЕС619ВАЕЕ897", 
/* НМАС-5НА-512 */ 
"415FAD6271580A531D4179BC891D87A6" 

hs f 12, 16, 26, 26, L6 +} 


}, 

{ /* 6 */ { 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 

}, { 80, 131 }, { 
"Test Using Larger Than Block-Size Key - Hash Key First" 

ю { 54 }, 1 
/* НМАС-5НА-1 */ 
"AAA4AE5E15272D00E95705637CE8A3B55EDA402112", 
/* HMAC-SHA-224 */ 
"95E9AO0DB962095ADAEBE9B2D6FODBCE2D499F112F2D2B7273FA6870E", 
/* HMAC-SHA-256 */ 
"60E431591EE0B67FO0D8A26AACBF5B77F8E0BC6213728C5140546040FO0EE3" 
"7Е54 "> 
/* HMAC-SHA-384 */ 
"AECE084485813E9088D2C63A041BC5BAA4FO9EF1012A2B588F3CD11F05033A" 
"CAC60C2bEF6ABA030FE8296248DF163F44952", 
/* HMAC-SHA-512 */ 
"80B24263C7C1A3EBB71493C1DD7BE8B4 9B4 6D1F41B4AEEC1121B013783F8" 
"F3526B56D037E05F2598BDOFD2215D6A1E5295E64F73F63FO0AEC8B915A98" 
"5D786598" 

}, 1 SHAlHashSize, SHA224HashSize, SHA256HashSize, 
SHA384HashSize, SHA512HashSize } 


}, 
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pe Rp d 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 

}, { 80, 131 }, { 

"Test Using Larger Than Block-Size Key and " 

"Larger Than One Block-Size Data", 

"\х54\х68\х69\х73\х20\х69\х73\х20\х61\х20\х74\х65\х73\х74\х20" 

"\х75\х73\хб9\хбе\х67\х20\х61\х20\хбс\хб1\х72\х67\х65\х72\х20" 

"\х74\х68\х61\хбе\х20\х62\хбс\хбЕ\х63\хбр\х2а\х73\хб9\х7а\хб5" 

"\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67" 

"\х65\х72\х20\х74\х68\х61\хбе\х20\х62\хбс\хбЕ\хб3\хбр\х2а\х73" 

"\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b" 

"\x65\x79\x20\x6e\x65\x65\x64\x73\x20\xK74\x6£\x20\x62\x65\x20" 

"\х68\х61\х73\х68\хб5\хб4\х20\х62\х65\хбб\хбЕ\х72\х65\х20\х62" 

"\хб5\хб9\хбе\хб7\х20\х75\х73\х65\хб64\х20\х62\х79\х20\х74\х68" 

"\хб5\х20\х48\х4а\х41\х43\х20\х61\хбс\хб7\хб#\х72\х69\х74\х68" 

"\хба\х2е" 

/* "This is a test using a larger than block-size key апа а " 
"larger than block-size data. The key needs to be hashed " 
"before being used by the HMAC algorithm." */ 

}, ( 73, 152 }, { 

/* НМАС-5НА-1 */ 

"E8E99DOFA45237D786D6BBAA7965C7808BBFF1A91", 

/* HMAC-SHA-224 */ 

"3A854166AC5D9F023F54D517D0B39DBD946770DB9C2B95C9F6F565D1", 

/* HMAC-SHA-256 */ 

"OBO09FFA71B942FCB27635FBCD5BOE944BFDC63644F0713938A7F51535C3A" 

"35Е2 ЫГ 

/* НМАС-5НА-384 */ 

"6617178E941F020D351E2F254E8FD32C602420FEBOB8FB9ADCCEBB82461E" 

"99C5A678CC31E799176D3860E6110C46523E", 

/* HMAC-SHA-512 */ 

"E37B6A775DC87DBAAADFA9F96E5E3FFDDEBD71F8867289865DF5A32D20CD" 

"C944B6022CAC3CA982B10D5EEB55C3E4DE15134676FB6DE0446065C97440" 

"FA8C6A58" 

}, 1 SHAlHashSize, SHA224HashSize, SHA256HashSize, 

SHA384HashSize, SHA512HashSize } 
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* Check the hash value against the expected string, expressed in hex 
x 

static const char hexdigits[] = "0123456789ABCDEF"; 

int checkmatch(const unsigned char *hashvalue, 
const char *hexstr, int hashsize) 


( 


int i; 
for (i = 0; i « hashsize; ++i) { 
if (*hexstr++ != hexdigits[ (hashvalue[i] >> 4) 6 OxF]) 
return 0; 
if (*hexstr++ != hexdigits[hashvalue[i] & OxF]) return 0; 


} 


return 1; 


} 
/* 


х Print the string, converting non-printable characters to "." 
*/ 
void printstr(const char *str, int len) 
{ 
for ( ; len-- > 0; str++) 
putchar (isprint ( (unsigned char)*str) 2 *str : '.'); 


} 
/* 


* Print the string, converting non-printable characters to hex "## ". 

* 
void printxstr(const char *str, int len) 
{ 

for ( ; len-- > 0; str++) 
printf ("сес ", hexdigits[(*str >> 4) & OxF], 
hexdigits[*str & OxF]); 

} 


/ж 
* Print a usage message. 
*/ 
void usage(const char *argv0) 
{ 
fprintf(stderr, 
"Usage:\n" 
"Common options: [-h hash] [-w|-x] [-H]\n" 
"Standard tests:\n" 
"\t%s [-m] [-1 loopcount] [-t test#] [-e]\n" 
"\t\t[-r randomseed] [-В randomloop-count] " 
"[-p] [-P|-X] An" 
"Hash a string: Mn" 
"\t%s [-S expectedresult] -s hashstr [-k key]\n" 
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"Hash a file:\n" 

"\t%s [-S expectedresult] -f file [-k key]\n" 
"Hash a file, ignoring whitespace:\n" 

"Nt$s [-S expectedresult] -F file [-k key]\n" 
"Additional bits to add in: [-B bitcount -b bits]\n" 
"-hNthash to test: " 

"O|SHA1, 1|sHA224, 2|SHA256, 3|SHA384, 4|SHA512\n" 
"-m\tperform hmac test\n" 

"-k\tkey for hmac test\n" 
"—tNttest case to run, 1-10\n" 
"-]Nthow many times to run the test\n" 
"-e\ttest error returns Vn" 
"-pNtdo not print results Mn" 
"-P\tdo not print PASSED/FAILED\n" 
"—XNtprint FAILED, but not PASSED\n" 
"-rNtseed for random test n" 
"-R\thow many times to run random test \п" 
"-sNtstring to hash\n" 
"-SNtexpected result of hashed string, in hex\n" 
"-w\toutput hash іп raw format\n" 
"-x\toutput hash in hex format Wn" 
"_B\t# extra bits to add in after string or file input\n" 
"-b\textra bits to add (high order bits of #, 04 or Ox#)\n" 
"-HNtinput hashstr or randomseed is in hex\n" 
, агау0, argvO, агау0, argv0); 
exit (1); 
} 


/* 
* Print the results and PASS/FAIL. 
*/ 
void printResult(uint8 t *Message Digest, int hashsize, 
const char *hashname, const char *testtype, const char *testname, 
const char *resultarray, int printResults, int printPassFail) 


int i, k; 


if (printResults == PRINTTEXT) { 
putchar('Nt'); 
for (i = 0; i < hashsize ; 441) 4 


putchar(hexdigits[(Message Digest[i] >> 4) & OxF]); 

putchar (hexdigits[Message_Digest[i] & OxF]); 
putchar(' '); 

} 

putchar(’\n’); 


} else if (printResults == PRINTRAW) { 
fwrite(Message Digest, 1, hashsize, stdout); 
} else if (printResults == PRINTHEX) { 
for (i = 0; i < hashsize ; ++i) { 
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ж 


int hash(int testno, int loopno, int hashno, 


putchar (hexdigits[ (Message_Digest [i] 


SHAs апа HMAC-SHAs July 2006 


>> 4) 6 OxF]); 


putchar (hexdigits[Message_Digest[i] & OxF]); 


} 
putchar(’\n’); 
} 


if (printResults && resultarray) { 
printf (" Should match:\n\t"); 


for (i = 0, К = 0; i < hashsize; itt, К += 2) { 


putchar (resultarray[k]); 
putchar (resultarray[k+1]); 
putchar(' '); 
} 
putchar(’\n’); 
} 


if (printPassFail && resultarray) { 


int ret = checkmatch(Message Digest, resultarray, hashsize); 


if ((printPassFail == PRINTPASSFAIL) || 


!ret) 


printf("$s 55 $s: $sWMn", hashname, testtype, testname, 


ret ? "PASSED" : "FAILED"); 


Exercise a hash series of functions. The input is the testarray, 
repeated repeatcount times, followed by the extrabits. If the 
result is known, it is in resultarray in uppercase hex. 


/ 


const char *testarray, int length, long repeatcount, 
int numberExtrabits, int extrabits, const unsigned char *keyarray, 
int keylen, const char *resultarray, int hashsize, int printResults, 


int printPassFail) 


USHAContext sha; 

HMACContext hmac; 

int err, i; 

uint8 t Message Digest[USHAMaxHashSize]; 
char buf[20]; 


if (printResults == PRINTTEXT) { 
printf("\nTest %d: Iteration %d, Repeat 
loopno, repeatcount) ; 
printstr(testarray, length); 
printf("'NnNt^"); 
printxstr(testarray, length); 
printf("’\n"); 
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printf(" Length-$d bytes ($d bits), ", length, length * 8); 
%2.2х\п", numberExtrabits, extrabits); 


printf("ExtraBits $d: 


} 
'N343', sizeof(sha)); /* force bad data into struct */ 


memset (&hmac, 'N343', sizeof (hmac) ); 
= keyarray ? hmacReset(&hmac, hashes [hashno] .whichSha, 


err = 
keyarray, keylen) 
USHAReset(&sha, hashes [hashno] .whichSha) ; 


if (err != shaSuccess) { 
fprintf(stderr, "hash(): 
keyarray ? "hmac" 


return err; 


} 


memset (&sha, 


$sReset Error %d.\n", 
"sha", err); 


for (1 = 0; i < repeatcount; ++i) { 
err = keyarray ? hmacInput(&hmac, (const uint8 t *) testarray, 
length) 
USHAInput(&sha, (const uint8 t *) testarray, 
length) ; 
if (err != shaSuccess) { 
fprintf(stderr, "hash(): $sInput Error %d.\n", 
keyarray ? "hmac" "sha", err); 
return err; 
} 
} 
if (numberExtrabits > 0) { 
err = keyarray ? hmacFinalBits(&hmac, (uint8_t) extrabits, 
numberExtrabits) 


USHAFinalBits(&sha, (uint8 t) extrabits, 
numberExtrabits); 


if (err != shaSuccess) { 


fprintf(stderr, "hash(): 
keyarray ? "hmac" 


$sFinalBits Error %d.\n", 
"sha", err); 


return err; 


Message Digest) 
Message Digest); 


err = keyarray ? hmacResult (&hmac, 


USHAResult (&sha, 
if (err != shaSuccess) { 


fprintf(stderr, "hash(): 
"Compute message digest. Wn", 


Ш 


could not 


$s Result Error 54, 
"Sha", err); 


keyarray ? "hmac" 


return err; 
} 


sprintf (buf, "54", ёеѕіпо+1); 
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printResult (Message Digest, hashsize, hashes[hashno].name, 
keyarray ? "hmac standard test" : "sha standard test", buf, 
resultarray, printResults, printPassFail); 


return err; 


} 
/* 


* Exercise a hash series of functions. The input is a filename. 
* If the result is known, it is in resultarray in uppercase hex. 
*/ 

int hashfile(int hashno, const char *hashfilename, int bits, 
int bitcount, int skipSpaces, const unsigned char *keyarray, 
int keylen, const char *resultarray, int hashsize, 
int printResults, int printPassFail) 


USHAContext sha; 

HMACContext hmac; 

int err, nread, c; 

unsigned char buf[4096]; 

uint8 t Message Digest[USHAMaxHashSize]; 

unsigned char cc; 

FILE *hashfp = (strcmp(hashfilename, "-") == 0) ? stdin 
fopen(hashfilename, "r"); 


if (!hashfp) { 
fprintf(stderr, "cannot open file ’%s’\n", hashfilename) ; 
return shaStateError; 


} 


memset (&sha, 'N343', sizeof(sha)); /* force bad data into struct */ 
memset (&hmac, 'N343', sizeof(hmac)); 
err = keyarray ? hmacReset(&hmac, hashes[hashno].whichSha, 
keyarray, keylen) 
USHAReset(&sha, hashes[hashno].whichSha); 


if (err != shaSuccess) { 
fprintf(stderr, "hashfile(): $sReset Error %d.\n", 
keyarray ? "hmac" : "sha", err); 


return err; 


} 


if (skipSpaces) 


while ((c = getc(hashfp)) != EOF) { 
if (!isspace(c)) { 
cc = (unsigned char)c; 


err = keyarray ? hmacInput(&hmac, &cc, 1) 
USHAInput (&sha, &cc, 1); 
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if (err != shaSuccess) { 
fprintf(stderr, "hashfile(): %sInput Error %d.\n", 
keyarray ? "hmac" : "sha", err); 
if (hashfp != stdin) fclose(hashfp) ; 


return err; 


} 
else 
while ((nread = fread(buf, 1, sizeof(buf), hashfp)) > 0) { 
err = keyarray ? hmacInput(&hmac, buf, nread) 
USHAInput(&sha, buf, nread); 
if (err != shaSuccess) { 
fprintf(stderr, "hashfile(): $s Error %d.\n", 
keyarray ? "hmaclInput" : "shaInput", err); 
if (hashfp != stdin) fclose(hashfp); 
return err; 


if (bitcount » 0) 
err = keyarray ? hmacFinalBits(&hmac, bits, bitcount) 
USHAFinalBits(&sha, bits, bitcount); 
if (err != shaSuccess) { 
fprintf(stderr, "hashfile(): $s Error %d.\n", 
keyarray ? "hmacResult" : "shaResult", err); 
if (hashfp != stdin) fclose(hashfp); 
return err; 


err = keyarray ? hmacResult(&hmac, Message Digest) 
USHAResult(&sha, Message Digest); 
if (err != shaSuccess) { 
fprintf(stderr, "hashfile(): $s Error %d.\n", 
keyarray ? "hmacResult" : "shaResult", err); 
if (hashfp != stdin) fclose(hashfp); 
retufn efr; 


} 


printResult (Message_Digest, hashsize, hashes[hashno].name, "file", 
hashfilename, resultarray, printResults, printPassFail); 


if (hashfp != stdin) fclose(hashfp) ; 
return err; 


} 
/* 


* Exercise a hash series of functions through multiple permutations. 
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The input is an initial seed. That seed is replicated 3 times. 

For 1000 rounds, the previous three results are used as the input. 
This result is then checked, and used to seed the next cycle. 

If the result is known, it is in resultarrays in uppercase hex. 

/ 

void randomtest(int hashno, const char *seed, int hashsize, 

const char **resultarrays, int randomcount, 

int printResults, int printPassFail) 


+ ж + ox ж 


int i, 3; char buf[20]; 
unsigned char SEED[USHAMaxHashSize], MD[1003][USHAMaxHashSize]; 


/* INPUT: Seed - A random seed n bits long */ 

memcpy (SEED, seed, hashsize); 

if (printResults == PRINTTEXT) { 
printf("$s random test seed= ”", hashes[hashno] .name) ; 
printxstr(seed, hashsize); 
printf("’\n"); 

} 


for (j = 0; j < randomcount; j++) { 

/* MDO MD1 MD2 Seed; */ 

memcpy (MD[0], SEED, hashsize); 

memcpy (Мр [1], SEED, hashsize); 

memcpy (Мр [2], SEED, hashsize); 

for (i=3; i<1003; i++) { 
/* Mi = MDi-3 || MDi-2 || MDi-1; */ 
USHAContext Mi; 
memset (&Mi, 'N343', sizeof(Mi)); /* force bad data into struct */ 
USHAReset(&Mi, hashes[hashno].whichSha); 
USHAInput(&Mi, MD[i-3], hashsize); 
USHAInput (&Mi, MD[i-2], hashsize); 
USHAInput (&Мі, MD[i-1], hashsize); 
/* MDi = SHA(Mi); */ 
USHAResult(&Mi, MD[il); 


} 


/* MDj = Seed = MDi; */ 
memcpy (SEED, MD[i-1], hashsize); 


/* OUTPUT: MDj */ 

sprintf (buf, "$d", j); 

printResult (SEED, hashsize, hashes[hashno].name, "random test", 
buf, resultarrays ? resultarrays[j] : 0, printResults, 
(1 < RANDOMCOUNT) ? printPassFail : 0); 
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/* 
* Look up a hash name. 
жу 
int findhash(const char *argv0, const char *opt) 
{ 
int i; 
const char *names[HASHCOUNT] [2] = { 
{ "o. тырат” s { шы "sha224" Ey { "24", "sha256" hy 
{ "3:1, "sha384" }, { Ат "sha512" } 
}; 


for (i = 0; i < HASHCOUNT; i++) 
if ((stremp(opt, names[i][0]) == 0) 
(scasecmp (opt, names[i][1]) == 
return i; 


fprintf(stderr, "%s: Unknown hash name: ’%s’\n", argvO, opt); 
usage (argv0); 
return 0; 


} 
/* 


* Run some tests that should invoke errors. 
ЫГ 
void testErrors(int hashnolow, int hashnohigh, int printResults, 
int printPassFail) 


USHAContext usha; 
uint8 t Message Digest[USHAMaxHashSize]; 
int hashno, err; 


for (hashno = hashnolow; hashno <= hashnohigh; Һаѕһпо++) { 
memset(&usha, 'N343', sizeof(usha)); /* force bad data */ 
USHAReset(&usha, hashno); 
USHAResult(&usha, Message Digest); 
err = USHAInput(&usha, (const unsigned char *)"foo", 3); 


if (printResults == PRINTTEXT) 
printf ("\nError $d. Should be %d.\n", err, shaStateError); 
if ((printPassFail == PRINTPASSFAIL) || 
((printPassFail == PRINTFAIL) && (err != shaStateError))) 
printf("$s se: %s\n", hashes[hashno].name, 
(err == shaStateError) ? "PASSED" : "FAILED"); 


err = USHAFinalBits(&usha, 0x80, 3); 


if (printResults == PRINTTEXT) 
printf ("\nError $d. Should be %d.\n", err, shaStateError); 
if ((printPassFail == PRINTPASSFAIL) || 
((printPassFail == PRINTFAIL) && (err != shaStateError))) 
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printf("$s se: %s\n", hashes[h 


(err == shaStateError) ? 


err = USHAReset (0, hashes [hashno 
if (printResults == PRINTTEXT) 


printf("\nError $d. Should be %d.\n", err, shaNull); 
if ((printPassFail == PRINTPASSFAIL) | | 
((printPassFail == PRINTFAIL) && (err != shaNull))) 
printf("$s usha null: %s\n", hashes [hashno] .name, 
(err == shaNull) ? "PASSED" "FAILED"); 
switch (hashno) { 
case SHA1: err = SHAlReset(0); break; 
case SHA224: err - SHA224Reset(0); break; 
case SHA256: err - SHA256Reset(0); break; 
case SHA384: err - SHA384Reset(0); break; 
case SHA512: err - SHA512Reset(0); break; 
} 
if (printResults == PRINTTEXT) 
printf("\nError %d. Should be %d.\n", err, shaNull); 
if ((printPassFail == PRINTPASSFAIL) | | 
((printPassFail == PRINTFAIL) && (err != shaNull))) 
printf("$s sha null: %s\n", hashes [hashno].name, 
(err == shaNull) ? "PASSED" "FAILED"); 


} 


/* replace a hex string in place wit 
int unhexStr(char *hexstr) 


{ 


"PASSED" 
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ashno].name, 
"FAILED"); 


].whichSha); 


h its value */ 


char *o = hexstr; 
int len = 0, nibblel = 0, nibble2 = 0; 
if (!hexstr) return 0; 
for ( р *hexstr; hexstr++) { 
if (isalpha((int) (unsigned char) (*hexstr))) { 
nibblel = tolower(*hexstr) - ’a’ + 10; 
} else if (isdigit((int) (unsigned char) (*hexstr))) { 
nibblel = *hexstr - ”0”; 
} else { 


printf("\nError: bad hex character '$c'Mn", 


} 


if (!*++hexstr) break; 

if (isalpha((int) (unsigned char) (*hexstr))) { 
nibble2 = tolower(*hexstr) - ба” + 10; 

) else if (isdigit((int) (unsigned char) (*hexstr))) { 
nibble2 = *hexstr = ”0”; 

} else { 


*hexstr); 
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} 
*о++ = (char) ((nibblel << 4) | nibble2); 
1еп++; 

} 

return len; 


} 


int main(int argc, char **argv) 

{ 
int i, err; 
int loopno, loopnohigh = 1; 
int hashno, hashnolow = 0, hashnohigh = HASHCOUNT - 1; 
int testno, testnolow testnohigh; 
int ntestnohigh = 0; 
int printResults = PRINTTEXT; 
int printPassFail = 1; 
int checkErrors = 0; 
char *hashstr = 0; 
int hashlen = 0; 
const char *resultstr = 
char *randomseedstr = 0; 
int runHmacTests = 0; 
char *hmacKey = 0; 
int hmaclen = 0; 
int randomcount = RANDOMCOUNT; 
const char *hashfilename = 0; 
const char *hashFilename = 0; 
int extrabits = 0, numberExtrabits = 0; 
int strIsHex = 0; 


ll 
© 
~ 


0; 


while ((1 = xgetopt (argc, argv, "b:B:ef:F:h:Hk:l:mpPr:R:s:S:t:wxX") ) 


І- -1) 
switch (1) { 
case 'b': extrabits = strtol(xoptarg, 0, 0); break; 
case 'B': numberExtrabits = atoi(xoptarg); break; 
case 'e': checkErrors = 1; break; 


case 'f': hashfilename = xoptarg; break; 
case "Е”: hashFilename = xoptarg; break; 


case 'h': hashnolow = hashnohigh = findhash(argv[0], xoptarg); 
break; 

case 'H': strIsHex = 1; break; 

case 'k': hmacKey = xoptarg; hmaclen = strlen(xoptarg); break; 

case ’1’: loopnohigh = atoi(xoptarg); break; 

case 'm': runHmacTests = 1; break; 

case 'P': printPassFail = 0; break; 

case 'p': printResults = PRINTNONE; break; 

case 'R': randomcount = atoi(xoptarg); break; 


case 'r': randomseedstr = xoptarg; break; 
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case 's': hashstr = xoptarg; hashlen = strlen(hashstr); break; 
case ’S’: resultstr = xoptarg; break; 
case 't': testnolow = ntestnohigh = atoi(xoptarg) - 1; break; 


case 'w': printResults = PRINTRAW; break; 
case 'x': printResults = PRINTHEX; break; 
case 'X': printPassFail = 2; break; 
default: usage (argv[0]); 

} 


if (strIsHex) { 
hashlen = unhexStr (hashstr); 
unhexStr (randomseedstr) ; 
hmaclen = unhexStr (hmacKey); 
} 
testnohigh = (ntestnohigh != 0) ? ntestnohigh: 
runHmacTests ? (HMACTESTCOUNT-1) : (TESTCOUNT-1); 


if ((testnolow < 0) || 
(testnohigh >= (runHmacTests ? HMACTESTCOUNT : TESTCOUNT)) | | 
(hashnolow < 0) || (hashnohigh >= HASHCOUNT) | | 
(hashstr && (testnolow == testnohigh)) || 
(randomcount < 0) || 
(resultstr && (!hashstr && !hashfilename && !hashFilename)) | | 
((runHmacTests || hmacKey) && randomseedstr) | | 


(hashfilename && hashFilename) ) 
usage (argv[0]); 


/* 
* Perform SHA/HMAC tests 
*/ 
for (hashno = hashnolow; hashno <= hashnohigh; ++thashno) { 
if (printResults == PRINTTEXT) 
printf("Hash %s\n", hashes [hashno].name) ; 
err = shaSuccess; 
for (loopno = 1; (loopno <= loopnohigh) && (err == shaSuccess) ; 


, 
++loopno) { 
if (hashstr) 
err = hash(0, loopno, hashno, hashstr, hashlen, 1, 
numberExtrabits, extrabits, (const unsigned char *)hmacKey, 
hmaclen, resultstr, hashes[hashno].hashsize, printResults, 
printPassFail); 


else if (randomseedstr) 
randomtest (hashno, randomseedstr, hashes[hashno].hashsize, 0, 
randomcount, printResults, printPassFail); 


else if (hashfilename) 
err = hashfile(hashno, hashfilename, extrabits, 
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numberExtrabits, 0, 

(const unsigned char *)hmacKey, hmaclen, 
resultstr, hashes[hashno].hashsize, 

printResults, printPassFail); 

else if (hashFilename) 
err = hashfile(hashno, hashFilename, extrabits, 

numberExtrabits, 1, 

(const unsigned char *)hmacKey, hmaclen, 
resultstr, hashes[hashno].hashsize, 

printResults, printPassFail); 

else /* standard tests */ { 
for (testno - testnolow; 
(testno <= testnohigh) && (err == shaSuccess); ++testno) 
if (runHmacTests) { 
err = hash(testno, loopno, hashno, 

hmachashes[testno].dataarray[hashno] ? 
hmachashes[testno].dataarray[hashno] 
hmachashes[testno].dataarray[1] ? 
hmachashes[testno].dataarray[1] 
hmachashes[testno].dataarray[0], 
hmachashes[testno].datalength[hashno] ? 
hmachashes[testno].datalength[hashno] 
hmachashes[testno].datalength[1] ? 
hmachashes[testno].datalength[1] 
hmachashes[testno].datalength[0], 

1, 0, 0, 

(const unsigned char *)( 
hmachashes[testno].keyarray[hashno] ? 
hmachashes[testno].keyarray[hashno] 
hmachashes[testno].keyarray[1] ? 
hmachashes[testno].keyarray[1] 
hmachashes[testno].keyarray[0]), 
hmachashes[testno].keylength[hashno] ? 
hmachashes[testno].keylength[hashno] 
hmachashes[testno].keylength[1] ? 
hmachashes[testno].keylength[1] 
hmachashes[testno].keylength[0], 
hmachashes[testno].resultarray[hashno], 
hmachashes[testno].resultlength[hashno], 

printResults, printPassFail); 

) else { 
err = hash(testno, loopno, hashno, 
hashes [hashno].tests[testno].testarray, 
hashes [hashno].tests[testno].length, 
hashes [hashno].tests[testno].repeatcount, 
hashes [hashno] .tests [testno] .numberExtrabits, 
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hashes[hashno].tests[testno].extrabits, 0, 0, 
hashes [hashno].tests[testno].resultarray, 
hashes [hashno] .hashsize, 

printResults, printPassFail); 


} 


if (!runHmacTests) { 
randomtest (hashno, hashes[hashno].randomtest, 
hashes [hashno].hashsize, hashes[hashno].randomresults, 
RANDOMCOUNT, printResults, printPassFail); 


} 


/* Test some error returns */ 
if (checkErrors) { 
testErrors(hashnolow, hashnohigh, printResults, printPassFail); 


} 


return 0; 


} 


/* 
* Compare two strings, case independently. 
* Equivalent to strcasecmp() found on some systems. 
Ж 
int scasecmp(const char *sl, const char *s2) 
{ 
for (77) { 
char ul = tolower(*sl+t); 
char u2 = tolower(*s2++); 
if (ul != u2) 
return ul - u2; 
if (ul == ”Х0”) 
return 0; 
} 
} 
/* 
* This is a copy of getopt provided for those systems that do not 
* have it. The name was changed to xgetopt to not conflict on those 
* systems that do have it. Similarly, optarg, optind and opterr 
* were renamed to xoptarg, xoptind and xopterr. 
ж 
* Copyright 1990, 1991, 1992 by the Massachusetts Institute of 
ж 


Technology апа UniSoft Group Limited. 
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Permission to use, copy, modify, distribute, and sell this software 
and its documentation for any purpose is hereby granted without fee, 
provided that the above copyright notice appear in all copies and 
that both that copyright notice and this permission notice appear in 
supporting documentation, and that the names of MIT and UniSoft not 
be used in advertising or publicity pertaining to distribution of 
the software without specific, written prior permission. MIT and 
UniSoft make no representations about the suitability of this 
Software for any purpose. It is provided "as is" without express 

or implied warranty. 


$XConsortium: getopt.c,v 1.2 92/07/01 11:59:04 гыз Exp $ 
NB: Reformatted to match above style. 
/ 


+ + ЖЖ ж Xo X Xo F Xo Xo Xo +++ 


char *xoptarg; 
int xoptind = 1; 
int xopterr - 1; 


static int xgetopt(int argc, char **argv, const char *optstring) 
{ 


static int avplace; 


char *ap; 
char жор; 
int с; 


if (xoptind >= argc) 
return EOF; 


ap = argv[xoptind] + avplace; 


/* At beginning of arg but not an option */ 
if (avplace == 0) { 
if (ap[0] != '-") 
return EOF; 
else if (ар[1] == 7-7) { 
/* Special end of options option */ 
хорёіпа++; 
return EOF; 
} else if (ар[1] == ’\0’) 
return EOF; /* single '-' is not allowed */ 


} 
/* Get next letter */ 


avplacett; 
с = *++ар; 
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cp = strchr(optstring, c); 
if 


(ср == NULL || c == тур 
if (xopterr) 
fprintf(stderr, "Unrecognised option -- %c\n", с); 


return ^^; 


} 


it Cepia) нж екеу of 
/* There should be an option arg */ 
avplace = 0; 
if (ap[1] == 'NO') 4 


/* It is a separate arg */ 
if (++xoptind >= argc) { 
if (xopterr) 


fprintf(stderr, "Option requires an argument\n") ; 


return ”?”; 
} 
xoptarg = argv[xoptind++]; 
} else { 
/* is attached to option letter */ 
xoptarg = ap + 1; 


++xoptind; 
} 
} else { 
/* If we are out of letters then go to next arg */ 
if (ap[1] == '\0’) 4 
++xoptind; 
avplace = 0; 


} 


xoptarg = NULL; 
} 


return c; 
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9: 


10. 


11. 


Security Considerations 


This document is intended to provides the Internet community 
convenient access to source code that implements the United States of 
America Federal Information Processing Standard Secure Hash 
Algorithms (SHAs) [FIPS180-2] and HMACs based upon these one-way hash 
functions. See license in Section 1.1. No independent assertion of 
the security of this hash function by the authors for any particular 
use is intended. 
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